rights system
@@ -212,53 +212,6 @@ INSERT INTO group_permissions (authentik_group, permission_id) VALUES
|
||||
('dashboard_kommando', 'admin:view')
|
||||
ON CONFLICT DO NOTHING;
|
||||
|
||||
-- ── dashboard_gruppenfuehrer — write level for most ──
|
||||
INSERT INTO group_permissions (authentik_group, permission_id) VALUES
|
||||
-- Kalender
|
||||
('dashboard_gruppenfuehrer', 'kalender:view'),
|
||||
('dashboard_gruppenfuehrer', 'kalender:create'),
|
||||
('dashboard_gruppenfuehrer', 'kalender:mark_attendance'),
|
||||
('dashboard_gruppenfuehrer', 'kalender:create_bookings'),
|
||||
('dashboard_gruppenfuehrer', 'kalender:edit_bookings'),
|
||||
('dashboard_gruppenfuehrer', 'kalender:cancel_own_bookings'),
|
||||
('dashboard_gruppenfuehrer', 'kalender:manage_categories'),
|
||||
('dashboard_gruppenfuehrer', 'kalender:widget_events'),
|
||||
('dashboard_gruppenfuehrer', 'kalender:widget_bookings'),
|
||||
('dashboard_gruppenfuehrer', 'kalender:widget_quick_add'),
|
||||
-- Fahrzeuge
|
||||
('dashboard_gruppenfuehrer', 'fahrzeuge:view'),
|
||||
('dashboard_gruppenfuehrer', 'fahrzeuge:change_status'),
|
||||
('dashboard_gruppenfuehrer', 'fahrzeuge:manage_maintenance'),
|
||||
('dashboard_gruppenfuehrer', 'fahrzeuge:widget'),
|
||||
-- Einsätze
|
||||
('dashboard_gruppenfuehrer', 'einsaetze:view'),
|
||||
('dashboard_gruppenfuehrer', 'einsaetze:create'),
|
||||
('dashboard_gruppenfuehrer', 'einsaetze:manage_personnel'),
|
||||
-- Ausrüstung
|
||||
('dashboard_gruppenfuehrer', 'ausruestung:view'),
|
||||
('dashboard_gruppenfuehrer', 'ausruestung:create'),
|
||||
('dashboard_gruppenfuehrer', 'ausruestung:manage_maintenance'),
|
||||
('dashboard_gruppenfuehrer', 'ausruestung:widget'),
|
||||
-- Mitglieder
|
||||
('dashboard_gruppenfuehrer', 'mitglieder:view_own'),
|
||||
('dashboard_gruppenfuehrer', 'mitglieder:view_all'),
|
||||
-- Atemschutz
|
||||
('dashboard_gruppenfuehrer', 'atemschutz:view'),
|
||||
('dashboard_gruppenfuehrer', 'atemschutz:create'),
|
||||
('dashboard_gruppenfuehrer', 'atemschutz:widget'),
|
||||
-- Wissen
|
||||
('dashboard_gruppenfuehrer', 'wissen:view'),
|
||||
('dashboard_gruppenfuehrer', 'wissen:widget_recent'),
|
||||
('dashboard_gruppenfuehrer', 'wissen:widget_search'),
|
||||
-- Vikunja
|
||||
('dashboard_gruppenfuehrer', 'vikunja:create_tasks'),
|
||||
('dashboard_gruppenfuehrer', 'vikunja:widget_tasks'),
|
||||
('dashboard_gruppenfuehrer', 'vikunja:widget_quick_add'),
|
||||
-- Dashboard
|
||||
('dashboard_gruppenfuehrer', 'dashboard:widget_links'),
|
||||
('dashboard_gruppenfuehrer', 'dashboard:widget_banner')
|
||||
ON CONFLICT DO NOTHING;
|
||||
|
||||
-- ── dashboard_fahrmeister — vehicle specialist ──
|
||||
INSERT INTO group_permissions (authentik_group, permission_id) VALUES
|
||||
-- Kalender
|
||||
|
||||
@@ -96,7 +96,6 @@ export function resolveRequestRole(req: Request): AppRole {
|
||||
if (groups.includes('dashboard_admin')) return 'admin';
|
||||
if (groups.includes('dashboard_kommando')) return 'kommandant';
|
||||
if (
|
||||
groups.includes('dashboard_gruppenfuehrer') ||
|
||||
groups.includes('dashboard_fahrmeister') ||
|
||||
groups.includes('dashboard_zeugmeister') ||
|
||||
groups.includes('dashboard_chargen')
|
||||
@@ -112,7 +111,7 @@ export function getUserRole(_userId: string): Promise<AppRole> {
|
||||
export function roleFromGroups(groups: string[]): AppRole {
|
||||
if (groups.includes('dashboard_admin')) return 'admin';
|
||||
if (groups.includes('dashboard_kommando')) return 'kommandant';
|
||||
if (groups.includes('dashboard_gruppenfuehrer') || groups.includes('dashboard_fahrmeister') || groups.includes('dashboard_zeugmeister') || groups.includes('dashboard_chargen')) return 'gruppenfuehrer';
|
||||
if (groups.includes('dashboard_fahrmeister') || groups.includes('dashboard_zeugmeister') || groups.includes('dashboard_chargen')) return 'gruppenfuehrer';
|
||||
return 'mitglied';
|
||||
}
|
||||
|
||||
|
||||
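Review bot: The group-to-role ladder is maintained in two places, the multi-line condition in `resolveRequestRole` and the one-line condition in `roleFromGroups`, and this commit had to drop `dashboard_gruppenfuehrer` from each by hand. If a later edit touches only one copy, the same user would resolve to different roles depending on the code path, an authorization inconsistency that is hard to spot in review. Assuming `resolveRequestRole` needs nothing beyond the `groups` list it already holds, its ladder could become `return roleFromGroups(groups);`; its body starts and ends outside the hunk, so confirm nothing else differs first. A short comment on `roleFromGroups` should also record that the `'gruppenfuehrer'` role is still returned for `dashboard_fahrmeister`, `dashboard_zeugmeister` and `dashboard_chargen`, and that a user holding only `dashboard_gruppenfuehrer` now falls through to `'mitglied'`.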
@@ -3,13 +3,12 @@ import logger from '../utils/logger';
|
||||
|
||||
// Default configs — used when no DB config exists yet
|
||||
const DEFAULT_GROUP_HIERARCHY: Record<string, string[]> = {
|
||||
'dashboard_mitglied': ['dashboard_chargen', 'dashboard_atemschutz', 'dashboard_moderator', 'dashboard_zeugmeister', 'dashboard_fahrmeister', 'dashboard_gruppenfuehrer', 'dashboard_kommando'],
|
||||
'dashboard_chargen': ['dashboard_gruppenfuehrer', 'dashboard_kommando'],
|
||||
'dashboard_mitglied': ['dashboard_chargen', 'dashboard_atemschutz', 'dashboard_moderator', 'dashboard_zeugmeister', 'dashboard_fahrmeister', 'dashboard_kommando'],
|
||||
'dashboard_chargen': ['dashboard_kommando'],
|
||||
'dashboard_atemschutz': ['dashboard_kommando'],
|
||||
'dashboard_moderator': ['dashboard_kommando'],
|
||||
'dashboard_zeugmeister': ['dashboard_kommando'],
|
||||
'dashboard_fahrmeister': ['dashboard_kommando'],
|
||||
'dashboard_gruppenfuehrer': ['dashboard_kommando'],
|
||||
'dashboard_kommando': [],
|
||||
};
|
||||
|
||||
|
||||
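Review bot: `DEFAULT_GROUP_HIERARCHY` is, per its own comment, only used when no DB config exists yet, so removing `dashboard_gruppenfuehrer` here does not change a hierarchy that an existing deployment has already stored. The loading code is not visible in this hunk, but if a stored config takes precedence, the retired group keeps its place there. The same applies to `group_permissions` rows that the removed seed statement in the SQL file may already have inserted, since deleting an `INSERT` revokes nothing. Consider a follow-up migration that deletes the rows and config entries for the retired group, or have the loader drop group names it no longer recognises. It would also help to document the direction of the map on the constant, for example `// key: group; value: groups that inherit the key's permissions (assumed, confirm)`.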