Permission library
Installation
To connect to the project in gradle.kts connect the maven repository.
Dependent on event lib
repositories {
maven {
url = uri("https://gitlab.com/api/v4/projects/32844103/packages/maven")
authentication {
create<HttpHeaderAuthentication>("header")
}
credentials(HttpHeaderCredentials::class) {
name = "Deploy-Token"
value = System.getenv("CI_DEPLOY_PASSWORD")
}
}
}
dependencies {
implementation("com.briolink.lib:permission")
}
In the project configuration add lines to connect to the api permission-service
permission-service:
api:
url: http://permission-service.${env.spring_profiles_active}.svc.cluster.local/
version: 1
You can now access com.briolink.lib.service.PermissionService
Documentation
Table rights
Name right | AccessObjectType | Description |
---|---|---|
EditOwner | Company | Can assign owners and remove them |
EditAdmin | Company | Can assign admins and remove them |
EditSuperuser | Company | Can assign Superusers and remove them, edit their rights |
EditCompanyProfile | Company | Can edit setting and info about company |
EditEmployees | Company | Can view the admin panel. Accept new employees |
EditProject | Company | CRUD Project in Company profile |
EditCompanyService | Company | CRUD All services in Company |
EditNeedsExchange | Company | CRUD Needs |
CreateProject | Company | Can create projects without confirmation |
EditConnection | Company | CRUD All connection in Company |
EditWidget | Company | CRUD All connection in Company |
Basic classes
AllowedRights — Annotation checks if the user has rights to use the function
In function must be contained accessObjectId – String
PermissionService — Main service
UserPermissionRights — Model about rights and role by user
UserPermissionRole — Model about rights for the object
Examples
Annotation AllowedRights
If more than one value is specified in value, the function will execute when the user has one of these rights
When the user wants to update the company logo, the user must have the right IsCanEditCompanyProfile
@AllowedRights(value = ["[email protected]"], argumentNameId="id")
fun uploadCompanyImage(
@InputArgument("id") id: String,
@InputArgument("image") image: MultipartFile?
): URL {
return companyService.uploadCompanyProfileImage(UUID.fromString(id), image)
}
If User haven`t right this example will return exception AccessDeniedException
Add permission role
Sets the role for a user with default rights
try {
permissionService.createPermissionRole(
userId = userId,
accessObjectType = AccessObjectTypeEnum.Company,
accessObjectId = companyId,
permissionRole = PermissionRoleEnum.Owner,
)?.also {
updateUserPermission(userId, companyId)
}
} catch (_: PermissionRoleExistException) {
}
Check permission right
- EditCompanyService – this action
- Company – this access object type
You see more in the table rights
if (permissionService.checkPermission(
userId = SecurityUtil.currentUserAccountId,
accessObjectId = UUID.fromString(companyId),
right = "[email protected]"
)
) updateCompanyService(name = "New company service")