forked from coracle/flotilla
Address RBAC review feedback
This commit is contained in:
+34
-25
@@ -1,13 +1,35 @@
|
||||
import {derived, readable} from "svelte/store"
|
||||
import {first, memoize, simpleCache, sortBy, uniq} from "@welshman/lib"
|
||||
import {first, memoize, removeUndefined, simpleCache, sortBy, uniq} from "@welshman/lib"
|
||||
import {deriveArray, deriveEventsByIdForUrl} from "@welshman/store"
|
||||
import {pubkey, repository, tracker, manageRelay} from "@welshman/app"
|
||||
import {ManagementMethod, ROOM_ADMINS, ROOM_MEMBERS, getTagValue, isRelayUrl} from "@welshman/util"
|
||||
import {pubkey, repository, tracker} from "@welshman/app"
|
||||
import {
|
||||
ROOM_ADD_MEMBER,
|
||||
ROOM_REMOVE_MEMBER,
|
||||
ROOM_EDIT_META,
|
||||
ROOM_DELETE_EVENT,
|
||||
ROOM_ADMINS,
|
||||
ROOM_MEMBERS,
|
||||
getTagValue,
|
||||
isRelayUrl,
|
||||
} from "@welshman/util"
|
||||
import type {Filter, TrustedEvent} from "@welshman/util"
|
||||
import {deriveSupportedMethods} from "@app/core/state"
|
||||
|
||||
export const ROOM_ROLES = 39003
|
||||
|
||||
const ALL_ROOM_PERMISSIONS = [9000, 9001, 9002, 9005, 9009]
|
||||
export const ROOM_PERMISSION_ADD_MEMBER = ROOM_ADD_MEMBER
|
||||
export const ROOM_PERMISSION_REMOVE_MEMBER = ROOM_REMOVE_MEMBER
|
||||
export const ROOM_PERMISSION_EDIT_META = ROOM_EDIT_META
|
||||
export const ROOM_PERMISSION_DELETE_EVENT = ROOM_DELETE_EVENT
|
||||
export const ROOM_PERMISSION_BAN_USER = 9009
|
||||
|
||||
const ALL_ROOM_PERMISSIONS = [
|
||||
ROOM_PERMISSION_ADD_MEMBER,
|
||||
ROOM_PERMISSION_REMOVE_MEMBER,
|
||||
ROOM_PERMISSION_EDIT_META,
|
||||
ROOM_PERMISSION_DELETE_EVENT,
|
||||
ROOM_PERMISSION_BAN_USER,
|
||||
]
|
||||
|
||||
export type RoleAccess = "read" | "write" | "join"
|
||||
|
||||
@@ -250,11 +272,10 @@ const getMember = (members: RoomMember[], targetPubkey: string) =>
|
||||
const getResolvedRoles = (rolesByName: Map<string, RoleDefinition>, roleNames: string[]) =>
|
||||
removeUndefined(roleNames.map(name => rolesByName.get(name)))
|
||||
|
||||
const getPrimaryRole = (roles: RoleDefinition[]) =>
|
||||
first(sortBy(role => -(role.order ?? -Infinity), roles))
|
||||
export const sortRolesDesc = <T extends {order?: number}>(items: T[]) =>
|
||||
sortBy(item => -(item.order ?? -Infinity), items)
|
||||
|
||||
const removeUndefined = <T>(items: Array<T | undefined>): T[] =>
|
||||
items.filter((item): item is T => item !== undefined)
|
||||
const getPrimaryRole = (roles: RoleDefinition[]) => first(sortRolesDesc(roles))
|
||||
|
||||
const deriveRoomRoleAssignments = simpleCache(([url, h]: [string, string]) =>
|
||||
derived(
|
||||
@@ -309,18 +330,6 @@ export const deriveUserPermissions = (url: string, h: string) =>
|
||||
},
|
||||
)
|
||||
|
||||
const deriveNip86SpaceAdmin = simpleCache(([url]: [string]) =>
|
||||
readable(false, set => {
|
||||
manageRelay(url, {method: ManagementMethod.SupportedMethods, params: []})
|
||||
.then(({result = []}) => {
|
||||
set(Boolean(result.length))
|
||||
})
|
||||
.catch(() => {
|
||||
set(false)
|
||||
})
|
||||
}),
|
||||
)
|
||||
|
||||
const buildRoomSnapshots = (events: TrustedEvent[]) => {
|
||||
const latestByH = new Map<
|
||||
string,
|
||||
@@ -457,13 +466,13 @@ export const deriveUserIsSpaceAdmin = memoize((url?: string) => {
|
||||
}
|
||||
|
||||
return derived(
|
||||
[deriveSpaceRoleState(url), deriveNip86SpaceAdmin(url)],
|
||||
([$spaceRoleState, $nip86Admin]) => {
|
||||
[deriveSpaceRoleState(url), deriveSupportedMethods(url)],
|
||||
([$spaceRoleState, $supportedMethods]) => {
|
||||
if ($spaceRoleState.hasPermissionTags) {
|
||||
return $spaceRoleState.userPermissions.size > 0
|
||||
}
|
||||
|
||||
return $nip86Admin
|
||||
return $supportedMethods.length > 0
|
||||
},
|
||||
)
|
||||
})
|
||||
@@ -501,7 +510,7 @@ export const deriveUserIsRoomAdmin = (url: string, h: string) =>
|
||||
([$permissions, $isSpaceAdmin]) => $isSpaceAdmin || $permissions.size > 0,
|
||||
)
|
||||
|
||||
export const hasPermission = (url: string, h: string, kind: number) =>
|
||||
export const deriveHasPermission = (url: string, h: string, kind: number) =>
|
||||
derived(
|
||||
[deriveUserPermissions(url, h), deriveUserIsSpaceAdmin(url)],
|
||||
([$permissions, $isSpaceAdmin]) => $isSpaceAdmin || $permissions.has(kind),
|
||||
@@ -526,7 +535,7 @@ export const deriveSpaceMemberRoleInfo = (url: string) =>
|
||||
const roleInfoByPubkey = new Map<string, SpaceMemberRoleInfo>()
|
||||
|
||||
for (const [pubkey, roles] of $spaceRoleState.memberRoles.entries()) {
|
||||
const sortedRoles = sortBy(role => -(role.order ?? -Infinity), roles)
|
||||
const sortedRoles = sortRolesDesc(roles)
|
||||
const primaryRole = first(sortedRoles)
|
||||
|
||||
roleInfoByPubkey.set(pubkey, {
|
||||
|
||||
Reference in New Issue
Block a user