From 6e3fed358e2d976e06b24ce770a862f0e805fb23 Mon Sep 17 00:00:00 2001
From: Corey Butler
Date: Sat, 10 Oct 2020 23:23:20 -0500
Subject: [PATCH] Simplified/shrunk configuration output, support loading explicitly defined user rights.
---
 package.json | 2 +-
 src/lib/actors/user.js | 4 +-
 src/lib/registry.js | 98 +++++++++++++++++++++++++++++++++++++++---
 3 files changed, 94 insertions(+), 10 deletions(-)
diff --git a/package.json b/package.json
index 6bde1ac..7bea392 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@author.io/iam",
- "version": "1.0.0-alpha.4",
+ "version": "1.0.0-alpha.5",
 "description": "A Identification and Authorization Management library.",
 "main": "src/index.js",
 "module": "index.js",
diff --git a/src/lib/actors/user.js b/src/lib/actors/user.js
index fadc346..967e778 100644
--- a/src/lib/actors/user.js
+++ b/src/lib/actors/user.js
@@ -67,9 +67,9 @@ export default class User extends Trace {
 })
 if (this.#explicitResourceRights.size > 0) {
- result.assignedRights = {}
+ result.rights = {}
 for (const [resource, rights] of this.#explicitResourceRights.entries()) {
- result.assignedRights[resource] = rights.map(r => r.data)
+ result.rights[resource] = rights.map(r => r.data)
 }
 }
diff --git a/src/lib/registry.js b/src/lib/registry.js
index 777fabf..f176a59 100644
--- a/src/lib/registry.js
+++ b/src/lib/registry.js
@@ -60,11 +60,91 @@ class Registry extends Base {
 }
 get configuration () {
+ function serializeRights (rights) {
+ return rights.map(r => {
+ return {
+ name: r.right === 'all' ? '*' : r.right.replace(':all', ':*'),
+ description: r.description
+ }
+ })
+ }
+
+ const roles = this.#roles.data.roles.map(r => {
+ const rights = {}
+ Object.keys(r.rights).forEach(name => { rights[name] = serializeRights(r.rights[name]).map(rt => rt.name) })
+ const result = {
+ name: r.name,
+ rights
+ }
+
+ if (r.description.trim().length > 0) {
+ result.description = r.description
+ }
+
+ return result
+ })
+
 const result = Object.assign({}, super.data, {
- resources: this.#resources.data.resources,
- roles: this.#roles.data.roles,
- groups: this.#groups.data.groups,
- users: this.#users.data.users
+ resources: this.#resources.data.resources.map(r => {
+ delete r.type
+ r.rights = serializeRights(r.rights)
+
+ if (!r.description || r.description.trim().length === 0) {
+ delete r.description
+ }
+
+ return r
+ }),
+ roles,
+ groups: this.#groups.data.groups.map(g => {
+ delete g.memberOf
+ delete g.type
+
+ if (g.description.trim().length === 0) {
+ delete g.description
+ }
+
+ if (g.members.length === 0) {
+ delete g.members
+ } else {
+ g.members = g.members.map(m => { return { name: m.name, type: m.type } })
+ }
+
+ g.roles = g.roles.map(r => r.name)
+ if (g.roles.length === 0) {
+ delete g.roles
+ }
+
+ return g
+ }),
+ users: this.#users.data.users.map(u => {
+ delete u.type
+
+ if (u.description.trim().length === 0) {
+ delete u.description
+ }
+
+ if (u.roles.length === 0) {
+ delete u.roles
+ }
+
+ if (u.groups.length === 0) {
+ delete u.groups
+ }
+
+ if (u.rights) {
+ const rights = {}
+ Object.keys(u.rights).forEach(name => { rights[name] = serializeRights(u.rights[name]).map(rt => rt.name) })
+
+ u.rights = rights
+
+ if (Object.keys(u.rights).length === 0) {
+ delete u.rights
+ }
+ }
+
+ return u
+ })
 })
 delete result.type
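Review bot: The `map` callbacks for `resources`, `groups` and `users` in the `configuration` getter edit their argument in place (`delete r.type`, `g.roles = g.roles.map(r => r.name)`, `u.rights = rights`), so if `.data` hands back live records rather than copies (not visible in this hunk), merely reading the configuration strips fields from the registry's own IAM state. Building a fresh object first, e.g. `const { type, ...out } = r` and then working on `out`, keeps the getter free of side effects. The resource branch guards with `!r.description ||`, but the role, group and user branches call `.description.trim()` unguarded and will throw when a description is unset; `(g.description || '').trim()` would match the resource branch. `serializeRights` also keeps only `right` and `description`, so any other attribute a right may carry is dropped on export; it is worth confirming that none of them affects an authorization decision when the output is loaded back. The getter's body continues past the end of the hunk.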
@@ -552,7 +632,7 @@ class Registry extends Base {
 if (cfg.resources) {
 for (const resource of cfg.resources) {
 const r = this.createResource(resource.name, resource.rights)
- r.description = resource.description
+ r.description = resource.description || ''
 }
 }
@@ -583,7 +663,7 @@ class Registry extends Base {
 }
 if (Array.isArray(group.roles)) {
- group.roles.forEach(r => g.assign(r.name))
+ group.roles.forEach(r => g.assign(r.name ? r.name : r))
 }
 if (Array.isArray(group.members) && group.members.filter(m => m.type === 'group').length > 0) {
@@ -616,7 +696,11 @@ class Registry extends Base {
 }
 if (Array.isArray(user.groups)) {
- user.groups.forEach(g => u.join(g))
+ u.join(...user.groups)
+ }
+
+ if (typeof user.rights === 'object') {
+ u.setRight(user.rights)
 }
 }
 }
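Review bot: In the `@@ -583` hunk, `r.name ? r.name : r` chooses by truthiness, so a role entry that is an object with an empty or missing `name` is handed to `g.assign` as the object itself instead of being rejected. Because this loader turns configuration into role assignments, stating the two accepted shapes explicitly is safer: `group.roles.forEach(r => g.assign(typeof r === 'string' ? r : r.name))`, ideally with an error for an entry that yields no name. The enclosing load routine starts and ends outside the hunk, so how `assign` treats an unknown or non-string role is not visible here.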
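Review bot: In the `@@ -616` hunk, `typeof user.rights === 'object'` is also true for `null` and for arrays, so a configuration containing `"rights": null` or a list still reaches `u.setRight(...)`. These are explicitly granted rights read straight from configuration, so the guard should accept only a plain object: `if (user.rights && typeof user.rights === 'object' && !Array.isArray(user.rights)) {`. Whether `setRight` checks that each key names a registered resource is not visible in this hunk; if it does not, a short comment here such as `// resource names are not validated against the registry here` would tell the next reader where that check lives. The surrounding loop body begins outside the hunk.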