Implement RBAC

2024-10-04 10:31:09 +02:00 · 2024-10-04 10:31:09 +02:00 · 70afa170ec
commit 70afa170ec
parent 5251a637de
5 changed files with 30 additions and 2 deletions
--- a/api/db/migrations/20241004081930_add_roles_to_user/migration.sql
+++ b/api/db/migrations/20241004081930_add_roles_to_user/migration.sql
@ -0,0 +1,22 @@
+-- RedefineTables
+PRAGMA defer_foreign_keys=ON;
+PRAGMA foreign_keys=OFF;
+CREATE TABLE "new_User" (
+    "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+    "email" TEXT NOT NULL,
+    "firstName" TEXT,
+    "lastName" TEXT,
+    "hashedPassword" TEXT,
+    "salt" TEXT,
+    "resetToken" TEXT,
+    "resetTokenExpiresAt" DATETIME,
+    "createdAt" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" DATETIME NOT NULL,
+    "roles" TEXT NOT NULL DEFAULT 'user'
+);
+INSERT INTO "new_User" ("createdAt", "email", "firstName", "hashedPassword", "id", "lastName", "resetToken", "resetTokenExpiresAt", "salt", "updatedAt") SELECT "createdAt", "email", "firstName", "hashedPassword", "id", "lastName", "resetToken", "resetTokenExpiresAt", "salt", "updatedAt" FROM "User";
+DROP TABLE "User";
+ALTER TABLE "new_User" RENAME TO "User";
+CREATE UNIQUE INDEX "User_email_key" ON "User"("email");
+PRAGMA foreign_keys=ON;
+PRAGMA defer_foreign_keys=OFF;
--- a/api/db/schema.prisma
+++ b/api/db/schema.prisma
@ -35,6 +35,7 @@ model User {
  resetTokenExpiresAt DateTime?
  createdAt           DateTime   @default(now())
  updatedAt           DateTime   @updatedAt
+  roles               String     @default("user")
 }

 model Identity {
--- a/api/src/lib/auth.ts
+++ b/api/src/lib/auth.ts
@ -36,7 +36,7 @@ export const getCurrentUser = async (session: Decoded) => {

  return await db.user.findUnique({
    where: { id: session.id },
-    select: { id: true },
+    select: { id: true, email: true, roles: true },
  })
 }

--- a/web/src/Routes.tsx
+++ b/web/src/Routes.tsx
@ -16,7 +16,7 @@ import { useAuth } from './auth'
 const Routes = () => {
  return (
    <Router useAuth={useAuth}>
-      <PrivateSet unauthenticated="home">
+      <PrivateSet unauthenticated="home" roles="admin">
        <Set wrap={ScaffoldLayout} title="Posts" titleTo="posts" buttonLabel="New Post" buttonTo="newPost">
          <Route path="/admin/posts/new" page={PostNewPostPage} name="newPost" />
          <Route path="/admin/posts/{id:Int}/edit" page={PostEditPostPage} name="editPost" />
--- a/web/src/pages/HomePage/HomePage.tsx
+++ b/web/src/pages/HomePage/HomePage.tsx
@ -2,7 +2,11 @@
 import { Link } from '@redwoodjs/router'
 import { Metadata } from '@redwoodjs/web'

+import { useAuth } from 'src/auth'
+
 const HomePage = () => {
+  const user = useAuth()
+
  return (
    <>
      <Metadata title="Home" description="Home page" />
@ -15,6 +19,7 @@ const HomePage = () => {
          My default route is named `home`, link to me with:
          `<Link to={routes.home()}>Home</Link>`
      */}
+      {user && user.isAuthenticated + ' ' + user.hasRole('admin')}
      <Link to={'/login'}>Login</Link>
    </>
  )