From 725d4d1729d146dc90b8ba037196c73e1133d79d Mon Sep 17 00:00:00 2001 From: Matthias Hochmeister Date: Mon, 23 Mar 2026 12:18:46 +0100 Subject: [PATCH] rights system --- .../src/controllers/permission.controller.ts | 15 ++++++++++++ backend/src/routes/permission.routes.ts | 1 + backend/src/services/permission.service.ts | 6 +++++ .../components/admin/PermissionMatrixTab.tsx | 24 ++++++++++++++++++- frontend/src/services/permissions.ts | 4 ++++ 5 files changed, 49 insertions(+), 1 deletion(-) diff --git a/backend/src/controllers/permission.controller.ts b/backend/src/controllers/permission.controller.ts index dc3b0fc..15740f9 100644 --- a/backend/src/controllers/permission.controller.ts +++ b/backend/src/controllers/permission.controller.ts @@ -76,6 +76,21 @@ class PermissionController { } } + /** + * DELETE /api/admin/permissions/group/:groupName + * Removes a group and all its permissions from the matrix. + */ + async deleteGroup(req: Request, res: Response): Promise { + try { + const groupName = req.params.groupName as string; + await permissionService.deleteGroup(groupName); + res.json({ success: true, message: 'Gruppe entfernt' }); + } catch (error) { + logger.error('Failed to delete group', { error }); + res.status(500).json({ success: false, message: 'Fehler beim Entfernen der Gruppe' }); + } + } + /** * PUT /api/admin/permissions/bulk * Bulk-update permissions for multiple groups in one request. diff --git a/backend/src/routes/permission.routes.ts b/backend/src/routes/permission.routes.ts index d24f48c..ff67ef7 100644 --- a/backend/src/routes/permission.routes.ts +++ b/backend/src/routes/permission.routes.ts 
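Review bot: `deleteGroup` passes `req.params.groupName` to the service with no server-side check on which group may be removed; the only restriction visible in this patch is in PermissionMatrixTab.tsx, which renders the delete control just for `nonAdminGroups`, and any caller holding `admin:write` can bypass that by calling the endpoint directly. If some groups must never lose their rows (the admin group appears to be handled separately in the UI), enforce that here before calling the service, e.g. `if (PROTECTED_GROUPS.has(groupName)) { res.status(403).json({ success: false, message: '…' }); return; }`, where `PROTECTED_GROUPS` is a placeholder for whatever the backend uses to identify those groups. Since this is a destructive change to authorization data, the log entry should also record who requested it; the authenticated user's identifier is presumably available on `req` after `authenticate`, but that is not visible in this hunk. The doc comment gives the path as `/api/admin/permissions/group/:groupName`, while the frontend client in this patch calls `/api/permissions/admin/group/…`; worth correcting so the comment matches the mounted route.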
@@ -15,6 +15,7 @@ router.get('/admin/unknown-groups', authenticate, requirePermission('admin:view' router.get('/admin/config', authenticate, requirePermission('admin:view'), permissionController.getDependencyConfig.bind(permissionController)); router.put('/admin/config', authenticate, requirePermission('admin:write'), permissionController.setDependencyConfig.bind(permissionController)); router.put('/admin/group/:groupName', authenticate, requirePermission('admin:write'), permissionController.setGroupPermissions.bind(permissionController)); +router.delete('/admin/group/:groupName', authenticate, requirePermission('admin:write'), permissionController.deleteGroup.bind(permissionController)); router.put('/admin/bulk', authenticate, requirePermission('admin:write'), permissionController.setBulkPermissions.bind(permissionController)); router.put('/admin/maintenance/:featureGroupId', authenticate, requirePermission('admin:write'), permissionController.setMaintenanceFlag.bind(permissionController)); diff --git a/backend/src/services/permission.service.ts b/backend/src/services/permission.service.ts index 4398262..67e7cb7 100644 --- a/backend/src/services/permission.service.ts +++ b/backend/src/services/permission.service.ts @@ -238,6 +238,12 @@ class PermissionService { } } + async deleteGroup(group: string): Promise { + await pool.query('DELETE FROM group_permissions WHERE authentik_group = $1', [group]); + await this.loadCache(); + logger.info('Group deleted from permissions', { group }); + } + /** * Bulk-update permissions for multiple groups in a single transaction. * Reloads cache once at the end. diff --git a/frontend/src/components/admin/PermissionMatrixTab.tsx b/frontend/src/components/admin/PermissionMatrixTab.tsx index 742c143..759c2d3 100644 --- a/frontend/src/components/admin/PermissionMatrixTab.tsx +++ b/frontend/src/components/admin/PermissionMatrixTab.tsx 
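Review bot: In `PermissionService.deleteGroup` the `DELETE` and the cache reload fail independently: if `loadCache()` throws after the rows are gone, the controller answers 500 although the deletion succeeded, and the in-memory cache may keep serving the removed group's permissions until something else reloads it (how `loadCache` behaves on failure is not visible here). Consider catching a reload failure separately and logging it at error level, so that a revocation which did not reach the cache is visible to operators. The query result is also discarded, so a request for a group that has no rows still logs 'Group deleted from permissions' and returns success; assuming `pool` is a node-postgres pool, `const { rowCount } = await pool.query(...)` followed by `logger.info('Group deleted from permissions', { group, rowCount })` would make the log reflect what actually happened. The neighbouring methods carry doc comments and this one has none; a short `/** Deletes all group_permissions rows for the given Authentik group and reloads the permission cache. */` would match.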
@@ -147,6 +147,17 @@ function PermissionMatrixTab() { onError: () => showError('Fehler beim Hinzufügen der Gruppe'), }); + const deleteGroupMutation = useMutation({ + mutationFn: (groupName: string) => permissionsApi.deleteGroup(groupName), + onSuccess: () => { + queryClient.invalidateQueries({ queryKey: ['admin-permission-matrix'] }); + queryClient.invalidateQueries({ queryKey: ['admin-unknown-groups'] }); + queryClient.invalidateQueries({ queryKey: ['my-permissions'] }); + showSuccess('Gruppe entfernt'); + }, + onError: () => showError('Fehler beim Entfernen der Gruppe'), + }); + const depConfigMutation = useMutation({ mutationFn: (config: { groupHierarchy?: Record; permissionDeps?: Record }) => permissionsApi.setDependencyConfig(config), @@ -362,7 +373,18 @@ function PermissionMatrixTab() { {nonAdminGroups.map(g => ( - {g.replace('dashboard_', '')} + + {g.replace('dashboard_', '')} + + { + if (window.confirm(`Gruppe "${g}" und alle zugehörigen Berechtigungen wirklich entfernen?`)) { + deleteGroupMutation.mutate(g); + } + }} sx={{ opacity: 0.4, '&:hover': { opacity: 1, color: 'error.main' } }}> + + + + ))} diff --git a/frontend/src/services/permissions.ts b/frontend/src/services/permissions.ts index d08a63c..91a3649 100644 --- a/frontend/src/services/permissions.ts +++ b/frontend/src/services/permissions.ts @@ -21,6 +21,10 @@ export const permissionsApi = { await api.put(`/api/permissions/admin/group/${encodeURIComponent(group)}`, { permissions }); }, + deleteGroup: async (group: string): Promise => { + await api.delete(`/api/permissions/admin/group/${encodeURIComponent(group)}`); + }, + setBulkPermissions: async (updates: { group: string; permissions: string[] }[]): Promise => { await api.put('/api/permissions/admin/bulk', { updates }); },