Merge pull request #729 from PROCEED-Labs/folder-permission-management

Folder Permission Management

Author: Zayn-Javed

src/management-system-v2/app/(dashboard)/[environmentId]/iam/roles/[roleId]/folder-permissions.tsx

@@ -11,15 +11,16 @@ import RolePermissions from './rolePermissions';
 import RoleMembers from './role-members';
 import { AuthenticatedUser } from '@/lib/data/user-schema';
 import SpaceLink from '@/components/space-link';
-import { getFolderById } from '@/lib/data/db/folders';
+import { getFolderById, getFolders } from '@/lib/data/db/folders';
+import FolderPermissions from './folder-permissions';
 
 const Page = async (props: { params: Promise<{ roleId: string; environmentId: string }> }) => {
   const params = await props.params;
 
   const { roleId, environmentId } = params;
 
   const { ability, activeEnvironment } = await getCurrentEnvironment(environmentId);
-  const role = await getRoleWithMembersById(roleId, ability);
+  const role = await getRoleWithMembersById(roleId, ability, true);
   // if (role && !ability.can('manage', toCaslResource('Role', role))) return <UnauthorizedFallback />;
   if (!ability.can('admin', 'All')) return <UnauthorizedFallback />;
 
@@ -40,6 +41,8 @@ const Page = async (props: { params: Promise<{ roleId: string; environmentId: st
       </Content>
     );
 
+  const folders = await getFolders(environmentId);
+
   const usersInRole = role.members;
   const roleUserSet = new Set(usersInRole.map((member) => member.id));
 
@@ -63,6 +66,11 @@ const Page = async (props: { params: Promise<{ roleId: string; environmentId: st
       label: 'Permissions',
       children: <RolePermissions role={role} />,
     },
+    {
+      key: 'folder-permissions',
+      label: 'Folder Permissions',
+      children: <FolderPermissions role={role} folders={folders} />,
+    },
   ];
 
   if (role.name !== '@everyone' && role.name !== '@guest') {

src/management-system-v2/app/(dashboard)/[environmentId]/iam/roles/[roleId]/page.tsx

@@ -65,10 +65,10 @@ const AddUserModal: FC<{
         /* ---- */
         users={usersNotInRole}
         loading={loading}
-        columns={(clearSelected, _, selectedRowKeys) => [
+        columns={(clearSelected, _) => [
           {
             dataIndex: 'id',
-            render: (id, user) => (
+            render: (_, user) => (
               <Tooltip placement="top" title="Add to role">
                 <Button
                   icon={<PlusOutlined />}

src/management-system-v2/app/(dashboard)/[environmentId]/iam/roles/[roleId]/role-members.tsx

@@ -0,0 +1,152 @@
+import Ability from '@/lib/ability/abilityHelper';
+import { ResourceActionType, ResourceType } from '@/lib/ability/caslAbility';
+import {
+  ResourceActionsMapping,
+  permissionIdentifiersToNumber,
+} from '@/lib/authorization/permissionHelpers';
+import { Role } from '@/lib/data/role-schema';
+import { Fragment } from 'react/jsx-runtime';
+import { Divider, Form, Row, Space, Switch, Typography } from 'antd';
+import { useAbilityStore } from '@/lib/abilityStore';
+
+export function switchChecked(
+  permissions: Role['permissions'] | undefined,
+  resources: keyof Role['permissions'] | (keyof Role['permissions'])[],
+  action: ResourceActionType,
+) {
+  if (!permissions) return false;
+
+  const resourceInPermissions =
+    typeof resources === 'string'
+      ? resources in permissions
+      : resources.every((res) => res in permissions);
+  if (!resourceInPermissions) return false;
+
+  for (const resource of typeof resources === 'string' ? [resources] : resources) {
+    const permissionNumber = permissions[resource]!;
+
+    if (action === 'admin' && permissionNumber !== ResourceActionsMapping.admin) return false;
+    // If admin is checked all other permissions are checked
+    else if (action !== 'admin' && permissionNumber === ResourceActionsMapping.admin) continue;
+
+    // bit check
+    if (!(ResourceActionsMapping[action] & permissionNumber)) return false;
+  }
+
+  return true;
+}
+
+function switchDisabled(
+  permissions: Role['permissions'] | undefined,
+  resources: keyof Role['permissions'] | (keyof Role['permissions'])[],
+  action: ResourceActionType,
+  ability: Ability,
+) {
+  if (action === 'admin' && !ability.can('admin', resources)) return true;
+
+  if (!permissions) return false;
+
+  const resourceInPermissions =
+    typeof resources === 'string'
+      ? resources in permissions
+      : resources.every((res) => res in permissions);
+  if (!resourceInPermissions) return false;
+
+  for (const resource of typeof resources === 'string' ? [resources] : resources) {
+    const permissionNumber = permissions[resource]!;
+    if (permissionNumber === ResourceActionsMapping.admin && action !== 'admin') return true;
+  }
+
+  return false;
+}
+
+export type ResourceFormEntries = Record<ResourceType, Record<ResourceActionType, boolean>>;
+
+export function formDataToPermissions(values: ResourceFormEntries) {
+  return Object.fromEntries(
+    Object.entries(values).map(([resource, actions]) => [
+      resource,
+      permissionIdentifiersToNumber(
+        Object.entries(actions)
+          .filter(([_, enabled]) => enabled)
+          .map(([action]) => action as ResourceActionType),
+      ),
+    ]),
+  ) as Record<ResourceType, number>;
+}
+
+type PermissionCategory = {
+  key: string;
+  title: string;
+  resource: ResourceType;
+  permissions: {
+    key: string;
+    title: string;
+    description: string;
+    permission: ResourceActionType;
+  }[];
+};
+
+export function permissionsToFormData(
+  options: PermissionCategory[],
+  permissions: Role['permissions'],
+) {
+  return Object.fromEntries(
+    options.map((entry) => [
+      entry.resource,
+      Object.fromEntries(
+        entry.permissions.map(({ permission }) => [
+          permission,
+          switchChecked(permissions, entry.resource, permission),
+        ]),
+      ),
+    ]),
+  );
+}
+
+export const ResourcePermissionInputs: React.FC<{
+  pathPrefix?: (string | number)[];
+  options: PermissionCategory[];
+  permissions: Role['permissions'];
+}> = ({ pathPrefix = [], options, permissions }) => {
+  const ability = useAbilityStore((store) => store.ability);
+
+  return (
+    <>
+      {options.map((permissionCategory) => (
+        <Fragment key={permissionCategory.key}>
+          <Typography.Title type="secondary" level={5}>
+            {permissionCategory.title}
+          </Typography.Title>
+          {permissionCategory.permissions.map((permission, idx) => (
+            <Fragment key={permission.key}>
+              <Row align="top" justify="space-between" wrap={false}>
+                <Space orientation="vertical" size={0}>
+                  <Typography.Text strong>{permission.title}</Typography.Text>
+                  <Typography.Text type="secondary">{permission.description}</Typography.Text>
+                </Space>
+                <Form.Item
+                  valuePropName="checked"
+                  name={[...pathPrefix, permissionCategory.resource, permission.permission]}
+                >
+                  <Switch
+                    disabled={switchDisabled(
+                      permissions,
+                      permissionCategory.resource,
+                      permission.permission,
+                      ability,
+                    )}
+                  />
+                </Form.Item>
+              </Row>
+              {idx < permissionCategory.permissions.length - 1 && (
+                <Divider style={{ marginTop: '10px', marginBottom: '10px' }} />
+              )}
+            </Fragment>
+          ))}
+          <br />
+        </Fragment>
+      ))}
+    </>
+  );
+};