github-mirror/BookStack
github-mirror/BookStack
2
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-04-17 08:49:00 +08:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Started work on API token controls

Browse Source 
- Added access-api permission.
- Started user profile UI work.
- Created database table and model for tokens.
- Fixed incorrect templates down migration :(
This commit is contained in:
Dan Brown 2019-12-29 13:02:26 +00:00
parent 04137e7c98
commit d336ba6874
No known key found for this signature in database
GPG Key ID: 46D9F943C24A2EF9
10 changed files with 143 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
app/Api/ApiToken.php Normal file
View File

@ -0,0 +1,9 @@
<?php namespace BookStack\Api;
use Illuminate\Database\Eloquent\Model;
class ApiToken extends Model
{
protected $fillable = ['name', 'expires_at'];
}

21
app/Auth/User.php
View File

@ -1,5 +1,6 @@
<?php namespace BookStack\Auth; <?php namespace BookStack\Auth;
use BookStack\Api\ApiToken;
use BookStack\Model; use BookStack\Model;
use BookStack\Notifications\ResetPassword; use BookStack\Notifications\ResetPassword;
use BookStack\Uploads\Image; use BookStack\Uploads\Image;
@ -9,6 +10,7 @@ use Illuminate\Auth\Passwords\CanResetPassword;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract; use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract; use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract;
use Illuminate\Database\Eloquent\Relations\BelongsToMany; use Illuminate\Database\Eloquent\Relations\BelongsToMany;
use Illuminate\Database\Eloquent\Relations\HasMany;
use Illuminate\Notifications\Notifiable; use Illuminate\Notifications\Notifiable;
/** /**
@ -218,19 +220,26 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
} }
/** /**
* Get the url for editing this user. * Get the API tokens assigned to this user.
* @return string
*/ */
public function getEditUrl() public function apiTokens(): HasMany
{ {
return url('/settings/users/' . $this->id); return $this->hasMany(ApiToken::class);
}
/**
* Get the url for editing this user.
*/
public function getEditUrl(string $path = ''): string
{
$uri = '/settings/users/' . $this->id . '/' . trim($path, '/');
return url(rtrim($uri, '/'));
} }
/** /**
* Get the url that links to this user's profile. * Get the url that links to this user's profile.
* @return mixed
*/ */
public function getProfileUrl() public function getProfileUrl(): string
{ {
return url('/user/' . $this->id); return url('/user/' . $this->id);
} }

20
app/Http/Controllers/UserApiTokenController.php Normal file
View File

@ -0,0 +1,20 @@
<?php namespace BookStack\Http\Controllers;
use Illuminate\Http\Request;
class UserApiTokenController extends Controller
{
/**
* Show the form to create a new API token.
*/
public function create(int $userId)
{
$this->checkPermission('access-api');
// TODO - Form
return 'test';
}
}

14
app/Http/Controllers/UserController.php
View File

@ -116,22 +116,24 @@ class UserController extends Controller
/** /**
* Show the form for editing the specified user. * Show the form for editing the specified user.
* @param int $id
* @param \BookStack\Auth\Access\SocialAuthService $socialAuthService
* @return Response
*/ */
public function edit($id, SocialAuthService $socialAuthService) public function edit(int $id, SocialAuthService $socialAuthService)
{ {
$this->checkPermissionOrCurrentUser('users-manage', $id); $this->checkPermissionOrCurrentUser('users-manage', $id);
$user = $this->user->findOrFail($id); $user = $this->user->newQuery()->with(['apiTokens'])->findOrFail($id);
$authMethod = ($user->system_name) ? 'system' : config('auth.method'); $authMethod = ($user->system_name) ? 'system' : config('auth.method');
$activeSocialDrivers = $socialAuthService->getActiveDrivers(); $activeSocialDrivers = $socialAuthService->getActiveDrivers();
$this->setPageTitle(trans('settings.user_profile')); $this->setPageTitle(trans('settings.user_profile'));
$roles = $this->userRepo->getAllRoles(); $roles = $this->userRepo->getAllRoles();
return view('users.edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod, 'roles' => $roles]); return view('users.edit', [
'user' => $user,
'activeSocialDrivers' => $activeSocialDrivers,
'authMethod' => $authMethod,
'roles' => $roles
]);
} }
/** /**

4
database/migrations/2019_07_07_112515_add_template_support.php
View File

@ -46,9 +46,9 @@ class AddTemplateSupport extends Migration
// Remove templates-manage permission // Remove templates-manage permission
$templatesManagePermission = DB::table('role_permissions') $templatesManagePermission = DB::table('role_permissions')
->where('name', '=', 'templates_manage')->first(); ->where('name', '=', 'templates-manage')->first();
DB::table('permission_role')->where('permission_id', '=', $templatesManagePermission->id)->delete(); DB::table('permission_role')->where('permission_id', '=', $templatesManagePermission->id)->delete();
DB::table('role_permissions')->where('name', '=', 'templates_manage')->delete(); DB::table('role_permissions')->where('name', '=', 'templates-manage')->delete();
} }
} }

59
database/migrations/2019_12_29_120917_add_api_auth.php Normal file
View File

@ -0,0 +1,59 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\Schema;
class AddApiAuth extends Migration
{
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
// Add API tokens table
Schema::create('api_tokens', function(Blueprint $table) {
$table->increments('id');
$table->string('client_id')->index();
$table->string('client_secret');
$table->integer('user_id')->unsigned()->index();
$table->timestamp('expires_at')->index();
$table->nullableTimestamps();
});
// Add access-api permission
$adminRoleId = DB::table('roles')->where('system_name', '=', 'admin')->first()->id;
$permissionId = DB::table('role_permissions')->insertGetId([
'name' => 'access-api',
'display_name' => 'Access system API',
'created_at' => Carbon::now()->toDateTimeString(),
'updated_at' => Carbon::now()->toDateTimeString()
]);
DB::table('permission_role')->insert([
'role_id' => $adminRoleId,
'permission_id' => $permissionId
]);
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
// Remove API tokens table
Schema::dropIfExists('api_tokens');
// Remove access-api permission
$apiAccessPermission = DB::table('role_permissions')
->where('name', '=', 'access-api')->first();
DB::table('permission_role')->where('permission_id', '=', $apiAccessPermission->id)->delete();
DB::table('role_permissions')->where('name', '=', 'access-api')->delete();
}
}

6
resources/lang/en/settings.php
View File

@ -103,6 +103,7 @@ return [
'role_manage_entity_permissions' => 'Manage all book, chapter & page permissions', 'role_manage_entity_permissions' => 'Manage all book, chapter & page permissions',
'role_manage_own_entity_permissions' => 'Manage permissions on own book, chapter & pages', 'role_manage_own_entity_permissions' => 'Manage permissions on own book, chapter & pages',
'role_manage_page_templates' => 'Manage page templates', 'role_manage_page_templates' => 'Manage page templates',
'role_access_api' => 'Access system API',
'role_manage_settings' => 'Manage app settings', 'role_manage_settings' => 'Manage app settings',
'role_asset' => 'Asset Permissions', 'role_asset' => 'Asset Permissions',
'role_asset_desc' => 'These permissions control default access to the assets within the system. Permissions on Books, Chapters and Pages will override these permissions.', 'role_asset_desc' => 'These permissions control default access to the assets within the system. Permissions on Books, Chapters and Pages will override these permissions.',
@ -151,6 +152,11 @@ return [
'users_social_disconnect' => 'Disconnect Account', 'users_social_disconnect' => 'Disconnect Account',
'users_social_connected' => ':socialAccount account was successfully attached to your profile.', 'users_social_connected' => ':socialAccount account was successfully attached to your profile.',
'users_social_disconnected' => ':socialAccount account was successfully disconnected from your profile.', 'users_social_disconnected' => ':socialAccount account was successfully disconnected from your profile.',
'users_api_tokens' => 'API Tokens',
'users_api_tokens_none' => 'No API tokens have been created for this user',
'users_api_tokens_create' => 'Create Token',
// API Tokens
//! If editing translations files directly please ignore this in all //! If editing translations files directly please ignore this in all
//! languages apart from en. Content will be auto-copied from en. //! languages apart from en. Content will be auto-copied from en.

3
resources/views/settings/roles/form.blade.php
View File

@ -34,12 +34,13 @@
<a href="#" permissions-table-toggle-all class="text-small text-primary">{{ trans('common.toggle_all') }}</a> <a href="#" permissions-table-toggle-all class="text-small text-primary">{{ trans('common.toggle_all') }}</a>
</div> </div>
<div class="toggle-switch-list"> <div class="toggle-switch-list">
<div>@include('settings.roles.checkbox', ['permission' => 'settings-manage', 'label' => trans('settings.role_manage_settings')])</div>
<div>@include('settings.roles.checkbox', ['permission' => 'users-manage', 'label' => trans('settings.role_manage_users')])</div> <div>@include('settings.roles.checkbox', ['permission' => 'users-manage', 'label' => trans('settings.role_manage_users')])</div>
<div>@include('settings.roles.checkbox', ['permission' => 'user-roles-manage', 'label' => trans('settings.role_manage_roles')])</div> <div>@include('settings.roles.checkbox', ['permission' => 'user-roles-manage', 'label' => trans('settings.role_manage_roles')])</div>
<div>@include('settings.roles.checkbox', ['permission' => 'restrictions-manage-all', 'label' => trans('settings.role_manage_entity_permissions')])</div> <div>@include('settings.roles.checkbox', ['permission' => 'restrictions-manage-all', 'label' => trans('settings.role_manage_entity_permissions')])</div>
<div>@include('settings.roles.checkbox', ['permission' => 'restrictions-manage-own', 'label' => trans('settings.role_manage_own_entity_permissions')])</div> <div>@include('settings.roles.checkbox', ['permission' => 'restrictions-manage-own', 'label' => trans('settings.role_manage_own_entity_permissions')])</div>
<div>@include('settings.roles.checkbox', ['permission' => 'templates-manage', 'label' => trans('settings.role_manage_page_templates')])</div> <div>@include('settings.roles.checkbox', ['permission' => 'templates-manage', 'label' => trans('settings.role_manage_page_templates')])</div>
<div>@include('settings.roles.checkbox', ['permission' => 'settings-manage', 'label' => trans('settings.role_manage_settings')])</div> <div>@include('settings.roles.checkbox', ['permission' => 'access-api', 'label' => trans('settings.role_access_api')])</div>
</div> </div>
</div> </div>

19
resources/views/users/edit.blade.php
View File

@ -87,6 +87,25 @@
</div> </div>
</section> </section>
@endif @endif
{{-- TODO - Review Control--}}
@if(($currentUser->id === $user->id && userCan('access-api')) || userCan('manage-users'))
<section class="card content-wrap auto-height">
<div class="grid half">
<div><h2 class="list-heading">{{ trans('settings.users_api_tokens') }}</h2></div>
<div class="text-right pt-xs">
@if(userCan('access-api'))
<a href="{{ $user->getEditUrl('/create-api-token') }}" class="button outline">{{ trans('settings.users_api_tokens_create') }}</a>
@endif
</div>
</div>
@if (count($user->apiTokens) > 0)
@else
<p class="text-muted italic py-m">{{ trans('settings.users_api_tokens_none') }}</p>
@endif
</section>
@endif
</div> </div>
@stop @stop

3
routes/web.php
View File

@ -187,6 +187,9 @@ Route::group(['middleware' => 'auth'], function () {
Route::put('/users/{id}', 'UserController@update'); Route::put('/users/{id}', 'UserController@update');
Route::delete('/users/{id}', 'UserController@destroy'); Route::delete('/users/{id}', 'UserController@destroy');
// User API Tokens
Route::get('/users/{userId}/create-api-token', 'UserApiTokenController@create');
// Roles // Roles
Route::get('/roles', 'PermissionController@listRoles'); Route::get('/roles', 'PermissionController@listRoles');
Route::get('/roles/new', 'PermissionController@createRole'); Route::get('/roles/new', 'PermissionController@createRole');