rights system

This commit is contained in:
Matthias Hochmeister
2026-03-23 12:35:28 +01:00
parent 725d4d1729
commit 83b84664ce
2 changed files with 75 additions and 32 deletions


@@ -144,20 +144,30 @@ class PermissionService {
// ── Admin methods ──
async getMatrix(): Promise<MatrixData> {
const [fgResult, pResult, gpResult] = await Promise.all([
const [fgResult, pResult, gpResult, userGroupsResult] = await Promise.all([
pool.query('SELECT id, label, sort_order, maintenance FROM feature_groups ORDER BY sort_order'),
pool.query('SELECT id, feature_group_id, label, description, sort_order FROM permissions ORDER BY feature_group_id, sort_order'),
pool.query('SELECT authentik_group, permission_id FROM group_permissions'),
// Also include all dashboard_ groups from users table
pool.query(`SELECT DISTINCT g AS group_name FROM users, unnest(authentik_groups) AS g WHERE g LIKE 'dashboard_%' AND g != 'dashboard_admin'`),
]);
const grants: Record<string, string[]> = {};
const groupSet = new Set<string>();
// Add groups from group_permissions
for (const row of gpResult.rows) {
groupSet.add(row.authentik_group);
if (!grants[row.authentik_group]) grants[row.authentik_group] = [];
grants[row.authentik_group].push(row.permission_id);
}
// Also add groups from users table (they may have no permissions yet)
for (const row of userGroupsResult.rows) {
groupSet.add(row.group_name);
if (!grants[row.group_name]) grants[row.group_name] = [];
}
const maintenance: Record<string, boolean> = {};
for (const row of fgResult.rows) {
maintenance[row.id] = row.maintenance;
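Review bot: The two new grants-building loops index the record and then push, `grants[row.authentik_group].push(row.permission_id)` on the line after the `if (!grants[row.authentik_group])` guard, which does not type-check under `noUncheckedIndexedAccess` and repeats the create-if-missing step in each loop; `(grants[row.authentik_group] ??= []).push(row.permission_id);` and `grants[row.group_name] ??= [];` express the same thing in one line each. The `'dashboard_%'` and `'dashboard_admin'` filter literals in the added users query are repeated verbatim in getUnknownGroups' query in the second hunk, so the two definitions of "a dashboard group" can silently drift apart; hoisting them into one module-level constant or one shared SQL fragment that both queries use would keep them in step. The row fields (`row.authentik_group`, `row.group_name`) come back untyped from `pool.query`, so a typed row interface or a generic on the query call would let the compiler check the keys used here. getMatrix's body continues past the end of this hunk.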
@@ -180,13 +190,14 @@ class PermissionService {
}
async getUnknownGroups(): Promise<string[]> {
// Groups from users table that are not yet in the permission matrix
// Groups from users table that have zero permissions assigned
// (they appear in the matrix but admin should be notified)
const result = await pool.query(`
SELECT DISTINCT g AS group_name
FROM users, unnest(authentik_groups) AS g
WHERE g LIKE 'dashboard_%'
AND g NOT IN (SELECT DISTINCT authentik_group FROM group_permissions)
AND g != 'dashboard_admin'
AND g NOT IN (SELECT DISTINCT authentik_group FROM group_permissions)
ORDER BY group_name
`);
return result.rows.map((r: any) => r.group_name);