rbac and licenses

public/javascript/rbacAPI.js

@@ -42,6 +42,11 @@ const RBAC = {
   createRole: (name) => api('/api/rbac/role/create', 'POST', { name }),
   deleteRole: (id) => api(`/api/rbac/role/${id}`, 'DELETE'),
 
+  // 🎭 PERMISSIONS
+  loadPermissions: () => api('/api/rbac/permission/get', 'POST'),
+  createPermission: (data) => api('/api/rbac/permission/create', 'POST', data),
+  deletePermission: (id) => api(`/api/rbac/permission/${id}`, 'DELETE'),
+
   // 🔗 ASSIGNMENTS
   addUserToGroup: (authGuid, groupGuid) => api('/api/rbac/group/add-user', 'POST', { authGuid, groupGuid }),
   addUserToRole: (authGuid, roleId) => api('/api/rbac/role/add-user', 'POST', { authGuid, roleId }),
@@ -115,7 +120,7 @@ function createDropZone(el, type, target) {
 // 📋 TABLE (USERS)
 //////////////////////////////
 
-const rbacVT = virtualTable({
+const rbacUsersVT = virtualTable({
   tableEl: document.querySelector('#rbacUsersTable'),
   data: [],
   rowHeight: 20,
@@ -177,13 +182,81 @@ const rbacVT = virtualTable({
   }
 });
 
+
+
+//////////////////////////////
+// 📋 TABLE (PERMISSIONS)
+//////////////////////////////
+
+const rbacPermissionsVT = virtualTable({
+  tableEl: document.querySelector('#rbacPermissionsTable'),
+  data: [],
+  rowHeight: 20,
+  buffer: 5,
+  groupKey: 'Scope',  
+  rowKey: 'ID',
+  filterConfig: {
+    hideCounter: true,
+    exceptedColumns: ['', 'ID']
+  },
+
+  customRender: (row, tr) => {
+
+    createDragZone(tr, row, 'user');
+
+    tr.addEventListener('contextmenu', (evt) => {
+      evt.preventDefault();
+
+      ctx.setItems([
+        {
+          label: "Details",
+          onClick: () => showAuthDetails(row.ObjectGUID)
+        }
+      ]);
+
+      ctx.show(evt.pageX + 5, { y: evt.pageY + 5 });
+    });
+
+    createTd(tr, 
+      `<button class="redbutton" 
+        ${row['ID'] === 1 ? 
+            'disabled data-tooltip="Die SYSTEM-Berechtigung kann nicht gelöscht werden"' : 
+            ''
+        }>X</button>`, { 
+      styles: { 
+        'position': 'sticky', 
+        'left': '0px', 
+        'max-width': '20px', 
+        'z-index': '2'
+      }, classes: [ 
+        'text-align:left' 
+      ], onclick: () => {
+        if(row['ID'] === 1) return;
+        deletePermission(row['ID'], `${row['Scope']}.${row['Resource']}.${row['Action']}`);
+      } 
+    });
+    createTd(tr, row['ID'], { classes: [ 'text-align:left' ], styles: { 'max-width': '100px' } } );
+    createTd(tr, row['Scope'], { classes: [ 'text-align:left' ] });
+    createTd(tr, row['Resource'], { classes: [ 'text-align:center' ] });
+    createTd(tr, row['Action'], { classes: [ 'text-align:center' ] });
+  }
+});
+
 //////////////////////////////
 // 📥 LOADERS
 //////////////////////////////
 
 async function loadUsers() {
   try {
-    rbacVT.source(await RBAC.loadUsers());
+    rbacUsersVT.source(await RBAC.loadUsers());
+  } catch (err) {
+    console.error(err);
+  }
+}
+
+async function loadPermissions() {
+  try {
+    rbacPermissionsVT.source(await RBAC.loadPermissions());
   } catch (err) {
     console.error(err);
   }
@@ -273,6 +346,7 @@ async function loadRoles() {
 }
 
 
+
 //////////////////////////////
 // 👤 USER ACTIONS
 //////////////////////////////
@@ -307,6 +381,9 @@ async function deleteUser(guid, name) {
           const user = await RBAC.deleteUser(guid);
           sendUserEvent('RBAC', `Benutzer ${user.sAMAccountName || ''} [${user.ObjectGUID}] gelöscht`, null, 0);
           loadUsers();
+          loadGroups();
+          loadRoles();
+          loadPermissions();
         }
       }
     }
@@ -331,6 +408,8 @@ async function deleteGroup(guid, name) {
           sendUserEvent('RBAC', `Du hast die Gruppe ${name || ''} [${group.ObjectGUID}] gelöscht`, null, 0);
           loadUsers();
           loadGroups();
+          loadRoles();
+          loadPermissions();
         }
       }
     }
@@ -369,19 +448,65 @@ async function deleteRole(id, name) {
 
           sendUserEvent('RBAC', `Rolle ${name} gelöscht`, null, 0);
 
+          loadUsers();
+          loadGroups();
           loadRoles();
-          loadUsers(); // optional, falls RoleCount betroffen
+          loadPermissions(); // optional, falls RoleCount betroffen
         }
       }
     }
   });
 }
 
+
+//////////////////////////////
+// 🎭 PERMISSION ACTIONS
+//////////////////////////////
+
+async function createPermission() {
+  const scope = document.getElementById('permScope').value;
+  const resource = document.getElementById('permResource').value;
+  const action = document.getElementById('permAction').value;
+  
+  if (!scope || !resource || !action) return;
+
+
+  const permission = await RBAC.createPermission( { scope, resource, action } );
+
+  sendUserEvent('RBAC', `Berechtigung ${scope}.${resource}.${action} angelegt`, null, 0);
+  loadPermissions();
+}
+
+
+async function deletePermission(id, name) {
+  feedbox({
+    title: `<span>Berechtigung löschen</span>`,
+    message: `Möchtest du die Berechtigung <b style="color:red;">${name}</b> wirklich löschen`,
+    buttons: {
+      no: { text: 'Nein' },
+      yes: {
+        text: '<b style=color:red>Ja</b>',
+        onClick: async () => {
+          await RBAC.deletePermission(id);
+
+          sendUserEvent('RBAC', `Berechtigung ${name} gelöscht`, null, 0);
+
+          loadUsers();
+          loadGroups();
+          loadRoles();
+          loadPermissions();
+        }
+      }
+    }
+  });
+}
+
+
 //////////////////////////////
 // 🚀 INIT
 //////////////////////////////
 
-loadUsers();
-loadGroups();
-loadRoles();
-
+          loadUsers();
+          loadGroups();
+          loadRoles();
+          loadPermissions();