dumplingmiku/ubicloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
pykello/image-issue
ubicloud/routes/project/token.rb
Jeremy Evans 215f09541a Make access_tag only for project <-> accounts join table 
For the includers of HyperTagMethods, this changes the authorization
code and object_tag member validation code to look at the project_id
column for the object, instead of looking a row with the project and
object in the access_tag table.

This removes all calls to associate_with_project, other than
those for Account.  It removes the projects association for
the includers of HyperTagMethods, and adds a project association to
the models that didn't already have one, since there is only a single
project for each object now.

Most HyperTagMethods code is inlined into Account, since it is only
user of the code now.  Temporarily, other models will still include
HyperTagMethods for the before_destroy hook, but eventually it will
go away completely.

The associations in Projects that previous used access_tag as a join
table, are changed from many_to_many to one_to_many, except for
Account (which still uses the join table).

Project#has_resources now needs separate queries for all of the
resource classes to see if there any associated objects.

This causes a lot of fallout in the specs, but unfortunately that is
unavoidable due the extensive use of projects.first in the specs to
get the related project for the objects, as well as the extensive
use of associate_with_project.
2025-01-17 08:32:46 -08:00

106 lines
3.5 KiB
Ruby
Raw Permalink Blame History

# frozen_string_literal: true
class Clover
hash_branch(:project_prefix, "token") do |r|
r.web do
authorize("Project:token", @project.id)
token_ds = current_account
.api_keys_dataset
.where(project_id: @project.id)
.reverse(:created_at)
r.is do
r.get do
@tokens = token_ds.all
view "project/token"
end
r.post do
pat = nil
DB.transaction do
pat = ApiKey.create_personal_access_token(current_account, project: @project)
SubjectTag[project_id: @project.id, name: "Admin"].add_subject(pat.id)
end
flash["notice"] = "Created personal access token with id #{pat.ubid}"
r.redirect "#{@project.path}/token"
end
end
r.on String do |ubid|
@token = token = token_ds.with_pk(UBID.to_uuid(ubid))
r.delete true do
if token
DB.transaction do
token.destroy
@project.disassociate_subject(token.id)
end
flash["notice"] = "Personal access token deleted successfully"
end
204
end
next unless token
r.post %w[unrestrict-access restrict-access] do |action|
if action == "restrict-access"
token.restrict_token_for_project(@project.id)
flash["notice"] = "Restricted personal access token"
else
token.unrestrict_token_for_project(@project.id)
flash["notice"] = "Token access is now unrestricted"
end
r.redirect "#{@project.path}/token/#{token.ubid}/access-control"
end
r.on "access-control" do
r.get true do
uuids = {}
aces = @project.access_control_entries_dataset.where(subject_id: token.id).all
aces.each do |ace|
uuids[ace.action_id] = nil if ace.action_id
uuids[ace.object_id] = nil if ace.object_id
end
UBID.resolve_map(uuids)
@aces = aces.map do |ace|
[ace.ubid, [uuids[ace.action_id], uuids[ace.object_id]], true]
end
sort_aces!(@aces)
@action_options = {nil => [["", "All Actions"]], **ActionTag.options_for_project(@project)}
@object_options = {nil => [["", "All Objects"]], **ObjectTag.options_for_project(@project)}
view "project/access-control"
end
r.post true do
DB.transaction do
typecast_params.array!(:Hash, "aces").each do
ubid, deleted, action_id, object_id = _1.values_at("ubid", "deleted", "action", "object")
action_id = nil if action_id == ""
object_id = nil if object_id == ""
if ubid == "template"
next if deleted == "true" || (action_id.nil? && object_id.nil?)
ace = AccessControlEntry.new_with_id(project_id: @project.id, subject_id: token.id)
else
next unless (ace = AccessControlEntry[project_id: @project.id, subject_id: token.id, id: UBID.to_uuid(ubid)])
if deleted == "true"
ace.destroy
next
end
end
ace.update_from_ubids(action_id:, object_id:)
end
end
flash["notice"] = "Token access control entries saved successfully"
r.redirect "#{@project_data[:path]}/token/#{token.ubid}/access-control"
end
end
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink