
NORY-46: refactor permission checks after rebase

This commit is contained in:
Markus Thielker 2025-04-08 10:52:47 +02:00
parent d9a3cde169
commit 222a93886b
3 changed files with 51 additions and 25 deletions


@ -1,7 +1,10 @@
import { getOAuth2Api } from '@/ory/sdk/server'; import { getOAuth2Api } from '@/ory/sdk/server';
import { ClientDataTable } from '@/app/(inside)/client/data-table';
import { Button } from '@/components/ui/button'; import { Button } from '@/components/ui/button';
import Link from 'next/link'; import Link from 'next/link';
import { checkPermission, requireSession } from '@/lib/action/authentication';
import { permission, relation } from '@/lib/permission';
import InsufficientPermission from '@/components/insufficient-permission';
import { ClientDataTable } from '@/app/(inside)/client/data-table';
export interface FetchClientPageProps { export interface FetchClientPageProps {
pageSize: number; pageSize: number;
@ -31,6 +34,12 @@ function parseTokens(link: string) {
async function fetchClientPage({ pageSize, pageToken }: FetchClientPageProps) { async function fetchClientPage({ pageSize, pageToken }: FetchClientPageProps) {
'use server'; 'use server';
const session = await requireSession();
const allowed = await checkPermission(permission.client.it, relation.access, session.identity!.id);
if (!allowed) {
throw Error('Unauthorised');
}
const oAuth2Api = await getOAuth2Api(); const oAuth2Api = await getOAuth2Api();
const response = await oAuth2Api.listOAuth2Clients({ const response = await oAuth2Api.listOAuth2Clients({
pageSize: pageSize, pageSize: pageSize,
@ -45,10 +54,16 @@ async function fetchClientPage({ pageSize, pageToken }: FetchClientPageProps) {
export default async function ListClientPage() { export default async function ListClientPage() {
const session = await requireSession();
const identityId = session.identity!.id;
const pmAccessClient = await checkPermission(permission.client.it, relation.access, identityId);
const pmCreateClient = await checkPermission(permission.client.it, relation.create, identityId);
let pageSize = 100; let pageSize = 100;
let pageToken: string = '00000000-0000-0000-0000-000000000000'; let pageToken: string = '00000000-0000-0000-0000-000000000000';
const initialFetch = await fetchClientPage({ pageSize, pageToken }); const initialFetch = pmAccessClient && await fetchClientPage({ pageSize, pageToken });
return ( return (
<div className="space-y-4"> <div className="space-y-4">
@ -57,17 +72,31 @@ export default async function ListClientPage() {
<p className="text-lg font-light"> <p className="text-lg font-light">
See and manage all OAuth2 clients registered with your Ory Hydra instance See and manage all OAuth2 clients registered with your Ory Hydra instance
</p> </p>
{
pmCreateClient && (
<Button className="absolute bottom-0 right-0" asChild> <Button className="absolute bottom-0 right-0" asChild>
<Link href="/client/create"> <Link href="/client/create">
Create new client Create new client
</Link> </Link>
</Button> </Button>
)
}
</div> </div>
<ClientDataTable {
pmAccessClient ?
(
initialFetch && <ClientDataTable
data={initialFetch.data} data={initialFetch.data}
pageSize={pageSize} pageSize={pageSize}
pageToken={initialFetch.tokens.get('next')} pageToken={initialFetch.tokens.get('next')}
fetchClientPage={fetchClientPage}/> fetchClientPage={fetchClientPage}/>
)
:
<InsufficientPermission
permission={permission.client.it}
relation={relation.access}
identityId={identityId}/>
}
</div> </div>
); );
} }
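Review bot: `session.identity!.id` in both fetchClientPage and ListClientPage relies on a non-null assertion, so a session that carries no identity fails with a TypeError inside the server action instead of the `Error('Unauthorised')` the new branch intends; the same pattern is repeated in createClient in the second file. A guard keeps the failure mode uniform: `const identityId = session.identity?.id; if (!identityId) throw Error('Unauthorised');` placed before the checkPermission call. Whether requireSession already guarantees an identity cannot be told from this page; if it does, narrowing its return type would remove the `!` entirely. In the JSX, `initialFetch &&` inside the `pmAccessClient ?` branch is redundant, since initialFetch is falsy only when pmAccessClient is false, and dropping it would make the rendered branch easier to read.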


@ -2,24 +2,18 @@
import { clientFormSchema } from '@/lib/forms/client-form'; import { clientFormSchema } from '@/lib/forms/client-form';
import { z } from 'zod'; import { z } from 'zod';
import { getFrontendApi, getOAuth2Api } from '@/ory/sdk/server'; import { getOAuth2Api } from '@/ory/sdk/server';
import { cookies } from 'next/headers'; import { checkPermission, requireSession } from '@/lib/action/authentication';
import { permission, relation } from '@/lib/permission';
export async function createClient( export async function createClient(
formData: z.infer<typeof clientFormSchema>, formData: z.infer<typeof clientFormSchema>,
) { ) {
const cookie = await cookies(); const session = await requireSession();
const frontendApi = await getFrontendApi(); const allowed = await checkPermission(permission.client.it, relation.create, session.identity!.id);
if (!allowed) {
const session = await frontendApi throw Error('Unauthorised');
.toSession({ cookie: 'ory_kratos_session=' + cookie.get('ory_kratos_session')?.value })
.then((response) => response.data)
.catch(() => null);
if (!session) {
console.log('Unauthorised action call');
throw 'Unauthorised';
} }
console.log(session.identity?.traits.email, 'posted form', formData); console.log(session.identity?.traits.email, 'posted form', formData);
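Review bot: The permission check treats the identity as non-null (`session.identity!.id`) while the log call two lines later treats it as optional (`session.identity?.traits.email`), so the function disagrees with itself about the same value; resolving `const identityId = session.identity?.id; if (!identityId) throw Error('Unauthorised');` once, before checkPermission, and using it in both places settles that. The removed code logged an unauthorised call before throwing, whereas the new `if (!allowed)` branch throws silently, which loses the audit trail for denied attempts; a `console.log('Unauthorised createClient call', identityId)` (or the project's logger) in that branch restores it. The log line also writes the whole submitted `formData`; if the client form includes a client secret (not confirmable here, clientFormSchema is imported), it should be redacted or replaced by the client name before logging. createClient's body continues past the hunk.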


@ -13,6 +13,9 @@ export const permission = {
state: 'admin.user.state', state: 'admin.user.state',
trait: 'admin.user.trait', trait: 'admin.user.trait',
}, },
client: {
it: 'admin.client',
},
}; };
export const relation = { export const relation = {