manuel.sowada/radixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

rbac crud

Browse Source
This commit is contained in:
Manuel Sowada
2026-04-28 16:24:21 +02:00
parent c98089e359
commit 15f3a5f80d
7 changed files with 527 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
public/javascript/customModal.js
View File

@@ -147,25 +147,25 @@ function slideOutMessage(message) {
//#region Feedbox //#region Feedbox
/** /**
* feedbox({ feedbox({
* title: `<span style="color:#f44336">⚠ Upload abbrechen?</span>`, title: `<span style="color:#f44336">⚠ Upload abbrechen?</span>`,
* message: ` message: `
* <p>Es laufen noch <b>aktive Uploads</b>.</p> <p>Es laufen noch <b>aktive Uploads</b>.</p>
* <p>Möchtest du wirklich <u>alle abbrechen</u>?</p> <p>Möchtest du wirklich <u>alle abbrechen</u>?</p>
* `, `,
* buttons: { buttons: {
* yes: { yes: {
* text: '<b>Ja</b>, abbrechen', text: '<b>Ja</b>, abbrechen',
* onClick: () => stopUploadQueue() onClick: () => stopUploadQueue()
* }, },
* no: { no: {
* text: 'Weiter hochladen' text: 'Weiter hochladen'
* }, },
* cancel: { cancel: {
* text: 'Zurück' text: 'Zurück'
* } }
* } }
*}); });
*/ */
function feedbox({ function feedbox({
title = '', title = '',

46
public/javascript/rbacAPI.js Normal file
View File

@@ -0,0 +1,46 @@
function test() {
function createInput({ id, placeholder }) {
const input = document.createElement('input');
input.type = 'text';
input.id = id;
input.style.width = 'calc(100% - 30px)';
input.placeholder = placeholder;
input.required = true;
return input;
}
const container = document.createElement('div');
container.id = 'rbacAuthCreation';
container.append(
createInput({ id: 'rbacAuthsAMAccountName', placeholder: 'sAMAccountName <Vorname.Nachname>' }),
createInput({ id: 'rbacAuthsMail', placeholder: 'E-Mail' }),
createInput({ id: 'rbacAuthsSn', placeholder: 'Vorname' }),
createInput({ id: 'rbacAuthsGivenName', placeholder: 'Nachname' })
);
feedbox({
title: `<span>Erstelle eine neue Authentifizierung</span>`,
message: container.outerHTML,
buttons: {
cancel: {
text: 'Abbrechen'
},
yes: {
text: '<b>Erstellen</b>',
onClick: () => {
fetch('/api/rbac/auths/create', {
method: 'POST',
body: JSON.stringify({
sAMAccountName: document.getElementById('rbacAuthsAMAccountName').value,
mail: document.getElementById('rbacAuthsMail').value,
sn: document.getElementById('rbacAuthsSn').value,
givenName: document.getElementById('rbacAuthsGivenName').value
})
})
}
}
},
lock: true
});
}

2
public/styles/default.css
View File

@@ -235,7 +235,7 @@ table .cb input:checked + .cb-box::after { transform:scale(1) translate(1px, 1px
/* #region Feebox */ /* #region Feebox */
.feedbox-overlay { position:fixed; top:0; left:0; width:100vw; height:100vh; display:flex; align-items:center; justify-content:center; z-index:999; } .feedbox-overlay { position:fixed; top:0; left:0; width:100vw; height:100vh; display:flex; align-items:center; justify-content:center; z-index:999; }
.feedbox { border-radius:8px; max-width:50vw; width:100%; padding:20px; animation:feedboxFadeIn 0.2s ease-out; max-height:80vh; display:flex; flex-direction:column; overflow:hidden; } .feedbox { border-radius:8px; max-width:50vw; max-width:100%; padding:20px; animation:feedboxFadeIn 0.2s ease-out; max-height:80vh; display:flex; flex-direction:column; overflow:hidden; }
.feedbox h3 { margin:0 0 10px 0; } .feedbox h3 { margin:0 0 10px 0; }
.feedbox-message { margin-bottom:20px; line-height:1.4; flex:1; overflow-y: auto; /* font-size:1rem; */ } .feedbox-message { margin-bottom:20px; line-height:1.4; flex:1; overflow-y: auto; /* font-size:1rem; */ }
.feedbox-actions { display:flex; justify-content:flex-end; gap:10px; flex-wrap:wrap; flex-shrink:0; } .feedbox-actions { display:flex; justify-content:flex-end; gap:10px; flex-wrap:wrap; flex-shrink:0; }

35
public/views/rbac.hbs
View File

@@ -0,0 +1,35 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
</head>
<body>
<div class="container grid" style="height:100vh; grid-template-columns: 1fr 1fr;">
<div class="card static" id="rbacEntities">
</div>
<div class="card static" id="rbacEntityContent">
</div>
</div>
<div class="static" style="pointer-events:none;position:absolute; bottom:20px;right:0px;">
<button id="rbacCreateAuthentication" class="yellowbutton" onclick="test()" style="pointer-events:auto">Neuer Benutzer</button>
</div>
</body>
<script type="text/javascript">
reloadPluginScript('/javascript/rbacAPI.js');
fetch('/api/rbac/getEntities', { method: 'POST' })
.then(res => res.json())
.then(json => {
});
</script>
</html>

2
src/models/integratedStartMenuItems.json
View File

@@ -35,7 +35,7 @@
{ {
"label": "RBAC", "label": "RBAC",
"description": "Role-Based Access Control ist eine rollenbasierte Zugriffskontrolle, die auf Basis von Rollen und Gruppen, systemweite Berechtigungen vergibt", "description": "Role-Based Access Control ist eine rollenbasierte Zugriffskontrolle, die auf Basis von Rollen und Gruppen, systemweite Berechtigungen vergibt",
"view": "rbac.hbs", "view": "rbac",
"defaultSize": { "defaultSize": {
"width": "800px", "width": "800px",
"height": "600px" "height": "600px"

10
src/routes/adminRoutes.js
View File

@@ -76,6 +76,16 @@ module.exports = {
}); });
app.post('/api/rbac/getEntities', async (req, res) => {
// res.status(200).json(await service.get('rbacManager').getEntities());
})
app.post('/api/rbac/auths/create', async (req, res) => {
const { auths } = req.body;
// await service.get('rbacManager').createAuths(auths);
res.status(200).json({ ok: true });
})
app.post('/api/plugins/activation', async (req, res) => { app.post('/api/plugins/activation', async (req, res) => {
const { name, state } = req.body; const { name, state } = req.body;
let result = null; let result = null;

415
src/services/rbacManager.js
View File

@@ -232,6 +232,421 @@ class RBACManager {
resource: p.resource || null resource: p.resource || null
})); }));
} }
//#region CRUD
// =========================================================
// 👤 AUTH CRUD
// =========================================================
async createAuth(data) {
const Auth = this.db.get('authentication');
return await Auth.create({
sAMAccountName: data.sAMAccountName,
mail: data.mail,
sn: data.sn,
givenName: data.givenName,
active: true
});
}
async updateAuth(id, data) {
const Auth = this.db.get('authentication');
return await Auth.update(data, {
where: { ObjectGUID: id }
});
}
async deleteAuth(id) {
const Auth = this.db.get('authentication');
return await Auth.destroy({
where: { ObjectGUID: id }
});
}
// =========================================================
// 👥 GROUP CRUD
// =========================================================
async createGroup(data) {
const Group = this.db.get('groupsModel');
return await Group.create({
Name: data.name,
Description: data.description || null
});
}
async updateGroup(id, data) {
const Group = this.db.get('groupsModel');
return await Group.update(data, {
where: { ObjectGUID: id }
});
}
async deleteGroup(id) {
const Group = this.db.get('groupsModel');
return await Group.destroy({
where: { ObjectGUID: id }
});
}
// =========================================================
// 🔗 AUTH ↔ GROUP RELATION
// =========================================================
async addUserToGroup(authId, groupId) {
const AuthGroups = this.db.get('authenticationGroupsModel');
return await AuthGroups.create({
Authentication_ObjectGUID: authId,
Group_ObjectGUID: groupId
});
}
async removeUserFromGroup(authId, groupId) {
const AuthGroups = this.db.get('authenticationGroupsModel');
return await AuthGroups.destroy({
where: {
Authentication_ObjectGUID: authId,
Group_ObjectGUID: groupId
}
});
}
// =========================================================
// 🎭 ROLE CRUD
// =========================================================
async createRole(data) {
const Role = this.db.get('rolesModel');
return await Role.create({
Name: data.name,
Description: data.description || null
});
}
async updateRole(id, data) {
const Role = this.db.get('rolesModel');
return await Role.update(data, {
where: { ID: id }
});
}
async deleteRole(id) {
const Role = this.db.get('rolesModel');
return await Role.destroy({
where: { ID: id }
});
}
// =========================================================
// 🔗 ROLE ASSIGNMENTS
// =========================================================
async assignRoleToUser(authId, roleId) {
const AuthRoles = this.db.get('authenticationRolesModel');
return await AuthRoles.create({
Authentication_ObjectGUID: authId,
Role_ID: roleId
});
}
async assignRoleToGroup(groupId, roleId) {
const GroupRoles = this.db.get('groupRolesModel');
return await GroupRoles.create({
Group_ObjectGUID: groupId,
Role_ID: roleId
});
}
async removeRoleFromUser(authId, roleId) {
const AuthRoles = this.db.get('authenticationRolesModel');
return await AuthRoles.destroy({
where: {
Authentication_ObjectGUID: authId,
Role_ID: roleId
}
});
}
// =========================================================
// 🔐 PERMISSION CRUD
// =========================================================
async createPermission(data) {
const Permission = this.db.get('permissionModel');
return await Permission.create({
Scope: data.scope,
Resource: data.resource,
Action: data.action
});
}
async updatePermission(id, data) {
const Permission = this.db.get('permissionModel');
return await Permission.update(data, {
where: { ID: id }
});
}
async deletePermission(id) {
const Permission = this.db.get('permissionModel');
return await Permission.destroy({
where: { ID: id }
});
}
// =========================================================
// 🔗 ROLE ↔ PERMISSION
// =========================================================
async addPermissionToRole(roleId, permissionId) {
const RolePerms = this.db.get('rolePermissionsModel');
return await RolePerms.create({
Role_ID: roleId,
Permission_ID: permissionId
});
}
async removePermissionFromRole(roleId, permissionId) {
const RolePerms = this.db.get('rolePermissionsModel');
return await RolePerms.destroy({
where: {
Role_ID: roleId,
Permission_ID: permissionId
}
});
}
//#endregion
const express = require('express');
function rbacRoutes(rbac) {
const router = express.Router();
// =========================================================
// 👤 AUTH
// =========================================================
router.post('/auth/create', async (req, res) => {
try {
const user = await rbac.createAuth(req.body);
res.json(user);
} catch (err) {
res.status(500).json({ error: err.message });
}
});
router.put('/auth/:id', async (req, res) => {
try {
await rbac.updateAuth(req.params.id, req.body);
res.json({ ok: true });
} catch (err) {
res.status(500).json({ error: err.message });
}
});
router.delete('/auth/:id', async (req, res) => {
try {
await rbac.deleteAuth(req.params.id);
res.json({ ok: true });
} catch (err) {
res.status(500).json({ error: err.message });
}
});
// =========================================================
// 👥 GROUPS
// =========================================================
router.post('/group', async (req, res) => {
try {
const group = await rbac.createGroup(req.body);
res.json(group);
} catch (err) {
res.status(500).json({ error: err.message });
}
});
router.put('/group/:id', async (req, res) => {
try {
await rbac.updateGroup(req.params.id, req.body);
res.json({ ok: true });
} catch (err) {
res.status(500).json({ error: err.message });
}
});
router.delete('/group/:id', async (req, res) => {
try {
await rbac.deleteGroup(req.params.id);
res.json({ ok: true });
} catch (err) {
res.status(500).json({ error: err.message });
}
});
// =========================================================
// 🔗 USER ↔ GROUP
// =========================================================
router.post('/group/add-user', async (req, res) => {
try {
const { authId, groupId } = req.body;
await rbac.addUserToGroup(authId, groupId);
res.json({ ok: true });
} catch (err) {
res.status(500).json({ error: err.message });
}
});
router.post('/group/remove-user', async (req, res) => {
try {
const { authId, groupId } = req.body;
await rbac.removeUserFromGroup(authId, groupId);
res.json({ ok: true });
} catch (err) {
res.status(500).json({ error: err.message });
}
});
// =========================================================
// 🎭 ROLES
// =========================================================
router.post('/role', async (req, res) => {
try {
const role = await rbac.createRole(req.body);
res.json(role);
} catch (err) {
res.status(500).json({ error: err.message });
}
});
router.put('/role/:id', async (req, res) => {
try {
await rbac.updateRole(req.params.id, req.body);
res.json({ ok: true });
} catch (err) {
res.status(500).json({ error: err.message });
}
});
router.delete('/role/:id', async (req, res) => {
try {
await rbac.deleteRole(req.params.id);
res.json({ ok: true });
} catch (err) {
res.status(500).json({ error: err.message });
}
});
// =========================================================
// 🔗 ROLE ASSIGNMENTS
// =========================================================
router.post('/role/assign-user', async (req, res) => {
try {
const { authId, roleId } = req.body;
await rbac.assignRoleToUser(authId, roleId);
res.json({ ok: true });
} catch (err) {
res.status(500).json({ error: err.message });
}
});
router.post('/role/assign-group', async (req, res) => {
try {
const { groupId, roleId } = req.body;
await rbac.assignRoleToGroup(groupId, roleId);
res.json({ ok: true });
} catch (err) {
res.status(500).json({ error: err.message });
}
});
// =========================================================
// 🔐 PERMISSIONS
// =========================================================
router.post('/permission', async (req, res) => {
try {
const perm = await rbac.createPermission(req.body);
res.json(perm);
} catch (err) {
res.status(500).json({ error: err.message });
}
});
router.put('/permission/:id', async (req, res) => {
try {
await rbac.updatePermission(req.params.id, req.body);
res.json({ ok: true });
} catch (err) {
res.status(500).json({ error: err.message });
}
});
router.delete('/permission/:id', async (req, res) => {
try {
await rbac.deletePermission(req.params.id);
res.json({ ok: true });
} catch (err) {
res.status(500).json({ error: err.message });
}
});
// =========================================================
// 🔗 ROLE ↔ PERMISSION
// =========================================================
router.post('/role/add-permission', async (req, res) => {
try {
const { roleId, permissionId } = req.body;
await rbac.addPermissionToRole(roleId, permissionId);
res.json({ ok: true });
} catch (err) {
res.status(500).json({ error: err.message });
}
});
router.post('/role/remove-permission', async (req, res) => {
try {
const { roleId, permissionId } = req.body;
await rbac.removePermissionFromRole(roleId, permissionId);
res.json({ ok: true });
} catch (err) {
res.status(500).json({ error: err.message });
}
});
return router;
}
module.exports = rbacRoutes;
} }
module.exports = RBACManager; module.exports = RBACManager;