diff --git a/README.md b/README.md
index f597902..7bb62f6 100644
--- a/README.md
+++ b/README.md
@@ -21,4 +21,3 @@ Checkout our presentation: https://md.kabi.tk/p/H1nWPbueL
 ## How to contribute
 * You can contribute by signing pull requests and issues or programming!
 * Get in contact (Matrix: #errms@matrix.anghenfil.de) and check our website errms.dev and our project management tool: pm.errms.dev
-*
\ No newline at end of file
diff --git a/migrations/2020-05-12-003758_create_roles_permissions/up.sql b/migrations/2020-05-12-003758_create_roles_permissions/up.sql
index e3d763d..604e8f0 100644
--- a/migrations/2020-05-12-003758_create_roles_permissions/up.sql
+++ b/migrations/2020-05-12-003758_create_roles_permissions/up.sql
@@ -1,14 +1,15 @@
 -- Your SQL goes here
 create table roles_permissions
 (
- role_id text not null
+ role_id text not null
 constraint roles_permissions_roles_id_fk
 references roles
 on update cascade on delete cascade,
- permission_id text not null
+ permission_id text not null
 constraint roles_permissions_permissions_permission_fk
 references permissions
 on update cascade on delete cascade,
- constraint roles_permissions_pk
- primary key (role_id, permission_id)
-);
\ No newline at end of file
+ role_permission_id uuid default uuid_generate_v1() not null
+ constraint roles_permissions_pk_2
+ primary key
+);
diff --git a/migrations/2020-08-12-222219_create_groups/down.sql b/migrations/2020-08-12-222219_create_groups/down.sql
new file mode 100644
index 0000000..8f346b6
--- /dev/null
+++ b/migrations/2020-08-12-222219_create_groups/down.sql
@@ -0,0 +1,2 @@
+-- This file should undo anything in `up.sql`
+drop table groups;
\ No newline at end of file
diff --git a/migrations/2020-08-12-222219_create_groups/up.sql b/migrations/2020-08-12-222219_create_groups/up.sql
new file mode 100644
index 0000000..1c0609b
--- /dev/null
+++ b/migrations/2020-08-12-222219_create_groups/up.sql
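Review bot: Replacing the composite primary key with the surrogate `role_permission_id` drops the only uniqueness guarantee on `(role_id, permission_id)`, so the same permission can now be granted to a role twice, and each duplicate row becomes a separate target for `roles_permissions_context` rows. Add `constraint roles_permissions_role_id_permission_id_key unique (role_id, permission_id)` after the new primary key so one grant stays one row. Separately, this edits a migration dated 2020-05-12 in place; Diesel records applied versions in `__diesel_schema_migrations` and will not re-run it, so a database that already ran the old version keeps the composite key, and the 2020-08-22 migration's `references roles_permissions` (which targets the primary key) would fail there. A new migration that adds the column and swaps the key is the safe route for existing deployments.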
@@ -0,0 +1,15 @@
+-- Your SQL goes here
+create table groups
+(
+ entity_id uuid default uuid_generate_v1() not null
+ constraint groups_pk
+ primary key
+ constraint groups_entities_entity_id_fk
+ references entities
+ on update cascade on delete cascade,
+ group_name text not null,
+ group_description text
+);
+
+create unique index groups_group_name_uindex
+ on groups (group_name);
diff --git a/migrations/2020-08-12-222742_create_groups_entities/down.sql b/migrations/2020-08-12-222742_create_groups_entities/down.sql
new file mode 100644
index 0000000..fd6b83b
--- /dev/null
+++ b/migrations/2020-08-12-222742_create_groups_entities/down.sql
@@ -0,0 +1,2 @@
+-- This file should undo anything in `up.sql`
+drop table groups_entities;
\ No newline at end of file
diff --git a/migrations/2020-08-12-222742_create_groups_entities/up.sql b/migrations/2020-08-12-222742_create_groups_entities/up.sql
new file mode 100644
index 0000000..c126642
--- /dev/null
+++ b/migrations/2020-08-12-222742_create_groups_entities/up.sql
@@ -0,0 +1,14 @@
+-- Your SQL goes here
+create table groups_entities
+(
+ group_id uuid not null
+ constraint groups_entities_groups_group_id_fk
+ references groups
+ on update cascade on delete cascade,
+ entity_id uuid not null
+ constraint groups_entities_entities_entity_id_fk
+ references entities
+ on update cascade on delete cascade,
+ constraint groups_entities_pk
+ primary key (group_id, entity_id)
+);
\ No newline at end of file
diff --git a/migrations/2020-08-22-212606_create_roles_permissions_context/down.sql b/migrations/2020-08-22-212606_create_roles_permissions_context/down.sql
new file mode 100644
index 0000000..f020e64
--- /dev/null
+++ b/migrations/2020-08-22-212606_create_roles_permissions_context/down.sql
@@ -0,0 +1,2 @@
+-- This file should undo anything in `up.sql`
+drop table roles_permissions_context;
\ No newline at end of file
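Review bot: `entity_id` in `groups` is both the primary key and a foreign key to `entities`, yet it carries `default uuid_generate_v1()`; a row inserted without an explicit `entity_id` gets a fresh value with no matching `entities` row and fails the foreign key, so the default can only mislead. Drop it and write `entity_id uuid not null`, with the caller creating the `entities` row first (the same shape appears for `members`, `buildings` and `vehicles` in sqlschema.sql, which this commit does not change). As a side note, `uuid_generate_v1()` derives values from time and node identity, so ids are ordered and predictable; where an identifier should not be enumerable, `uuid_generate_v4()` is the usual choice.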
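Review bot: Nothing in `groups_entities` prevents a group from containing itself: `groups.entity_id` is itself an `entities` row, so `(g, g)` satisfies both foreign keys and the primary key. A row-level check, `constraint groups_entities_no_self_membership_check check (group_id <> entity_id)`, rules out the direct case. Longer cycles (A in B, B in A) remain possible, which matters if membership is resolved recursively for permission checks elsewhere in the code; that code is not visible here, so worth confirming.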
diff --git a/migrations/2020-08-22-212606_create_roles_permissions_context/up.sql b/migrations/2020-08-22-212606_create_roles_permissions_context/up.sql
new file mode 100644
index 0000000..9757c24
--- /dev/null
+++ b/migrations/2020-08-22-212606_create_roles_permissions_context/up.sql
@@ -0,0 +1,14 @@
+-- Your SQL goes here
+create table roles_permissions_context
+(
+ role_permission_id uuid
+ constraint roles_permissions_contexts_roles_permissions_role_permission_id
+ references roles_permissions
+ on update cascade on delete cascade,
+ entity uuid
+ constraint roles_permissions_contexts_entities_entity_id_fk
+ references entities
+ on update cascade on delete cascade,
+ constraint roles_permissions_context_pk
+ primary key (role_permission_id, entity)
+);
diff --git a/resources/css/errms.css b/resources/css/errms.css
index cb56e67..0cef711 100644
--- a/resources/css/errms.css
+++ b/resources/css/errms.css
@@ -96,3 +96,7 @@ ul ul a {
 .sidebar_entry_active{
 text-decoration: underline;
 }
+.group_selection_group{
+ display: inline;
+
+}
\ No newline at end of file
diff --git a/resources/templates/module_member_management_selection.hbs b/resources/templates/module_member_management_selection.hbs
index 9e3eafb..232ad3d 100644
--- a/resources/templates/module_member_management_selection.hbs
+++ b/resources/templates/module_member_management_selection.hbs
@@ -17,9 +17,14 @@
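Review bot: `role_permission_id` and `entity` are declared without `not null` although both form the primary key; Postgres makes them non-null implicitly, but the committed sqlschema.sql spells out `not null` on both, so the migration and the snapshot already disagree — write `role_permission_id uuid not null` and `entity uuid not null` here so the migration is the source of truth. The first foreign-key constraint name is the only one in this set without an `_fk` suffix, and it appears to sit exactly at the 63-character identifier limit, which is presumably why; a shorter name such as `rpc_roles_permissions_role_permission_id_fk` keeps the convention without truncation. A header comment stating what the absence of context rows for a grant means (global permission, or no permission at all) would also help, since that decision determines how every permission check must be written and cannot be recovered from the DDL.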
- {{#each group_list}} - {{name}} - {{/each}} +
+ {{#each group_list}} + + + + + {{/each}} +
diff --git a/sqlschema.sql b/sqlschema.sql
new file mode 100644
index 0000000..a5f1d76
--- /dev/null
+++ b/sqlschema.sql
@@ -0,0 +1,235 @@ +create table __diesel_schema_migrations +( + version varchar(50) not null + constraint __diesel_schema_migrations_pkey + primary key, + run_on timestamp default CURRENT_TIMESTAMP not null +); + +create table users +( + id uuid default uuid_generate_v1() not null + constraint pk___users___id + primary key, + password text, + email text +); + +create table communication_types +( + id uuid default uuid_generate_v1() not null + constraint pk___communication_types___id + primary key, + name text not null +); + +create table addresses +( + id uuid default uuid_generate_v1() not null + constraint addresses_pk + primary key, + title text, + street text not null, + number text not null, + zipcode text not null, + city text not null, + geo_location point +); + +create table entities +( + entity_id uuid default uuid_generate_v1() not null + constraint entities_pk + primary key +); + +create table members +( + entity_id uuid default uuid_generate_v1() not null + constraint pk___members___id + primary key + constraint members_entities_entity_id_fk + references entities + on update cascade on delete cascade, + users_id uuid + constraint fk___members___users_id___users + references users, + firstname text not null, + lastname text not null, + date_of_birth date, + sex smallint, + salutation text, + place_of_birth text, + academic_titles text, + personnel_number integer, + ui_language text +); + +create unique index members_personnel_number_uindex + on members (personnel_number); + +create table addresses_entities +( + address_id uuid not null + constraint addresses_entities_addresses_id_fk + references addresses + on update cascade on delete cascade, + entitiy_id uuid not null + constraint addresses_entities_entities_entity_id_fk + references entities + on update cascade on delete cascade, + constraint addresses_entities_pk + primary key (address_id, entitiy_id) +); + +create table buildings +( + entity_id uuid default uuid_generate_v1() not null + constraint 
buildings_pk + primary key + constraint buildings_entities_entity_id_fk + references entities + on update cascade on delete cascade, + name text not null, + description text +); + +create table vehicle_categories +( + id uuid default uuid_generate_v1() not null + constraint vehicle_categories_pk + primary key, + name text not null, + description text +); + +create table vehicles +( + entity_id uuid default uuid_generate_v1() not null + constraint vehicles_pk + primary key + constraint vehicles_entities_entity_id_fk + references entities + on update cascade on delete cascade + constraint vehicles_vehicle_categories_id_fk + references vehicle_categories + on update cascade on delete set null, + identifier text not null, + numberplate text, + description text, + vehicle_category uuid default uuid_generate_v1(), + next_inspection date, + is_operational boolean default true not null, + admissible_total_weight real, + required_license uuid +); + +create table communication_targets +( + id uuid default uuid_generate_v1() not null + constraint pk___communication_targets___id + primary key + constraint communication_targets_entities_entity_id_fk + references entities + on update cascade on delete cascade, + entity text not null, + entity_id uuid not null, + com_type uuid not null + constraint fk___communication_target___type___communication_types + references communication_types, + value text not null, + description text, + visibility boolean default false not null +); + +create table permissions +( + permission text not null + constraint permissions_pk + primary key, + description text +); + +create table roles +( + id text not null + constraint roles_pk + primary key, + description text +); + +create table roles_permissions +( + role_id text not null + constraint roles_permissions_roles_id_fk + references roles + on update cascade on delete cascade, + permission_id text not null + constraint roles_permissions_permissions_permission_fk + references permissions + on update 
cascade on delete cascade, + role_permission_id uuid default uuid_generate_v1() not null + constraint roles_permissions_pk_2 + primary key +); + +create unique index roles_permissions_role_permission_id_uindex + on roles_permissions (role_permission_id); + +create table members_roles +( + member_id uuid not null + constraint members_roles_entities_entity_id_fk + references entities + on update cascade on delete cascade, + role_id text not null + constraint members_roles_roles_id_fk + references roles + on update cascade on delete cascade, + constraint members_roles_pk + primary key (member_id, role_id) +); + +create table groups +( + entity_id uuid default uuid_generate_v1() not null + constraint groups_pk + primary key + constraint groups_entities_entity_id_fk + references entities + on update cascade on delete cascade, + group_name text not null, + group_description text +); + +create unique index groups_group_name_uindex + on groups (group_name); + +create table groups_entities +( + group_id uuid not null + constraint groups_entities_groups_group_id_fk + references groups + on update cascade on delete cascade, + entity_id uuid not null + constraint groups_entities_entities_entity_id_fk + references entities + on update cascade on delete cascade, + constraint groups_entities_pk + primary key (group_id, entity_id) +); + +create table roles_permissions_context +( + role_permission_id uuid not null + constraint roles_permissions_contexts_roles_permissions_role_permission_id + references roles_permissions + on update cascade on delete cascade, + entity uuid not null + constraint roles_permissions_contexts_entities_entity_id_fk + references entities + on update cascade on delete cascade, + constraint roles_permissions_context_pk + primary key (role_permission_id, entity) +); + diff --git a/src/helper/server_errors.rs b/src/helper/server_errors.rs index f043b0b..af7d74d 100644 --- a/src/helper/server_errors.rs +++ b/src/helper/server_errors.rs 
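Review bot: The snapshot and the migrations in this commit already disagree on `roles_permissions_context`: here `role_permission_id` and `entity` are `not null`, while the 2020-08-22 migration declares them nullable, and the `roles_permissions_role_permission_id_uindex` index shown here is created by no migration on this page and duplicates the primary key on the same column. If this file is meant as a reference dump, a comment at the top naming the tool and database it was taken from (`-- generated by <TOOL> from <DB> on <DATE>`) would tell readers which side wins when they differ. Pre-existing, but worth a look while it is being committed: in `vehicles` the `vehicles_vehicle_categories_id_fk ... on delete set null` is attached to the `not null` primary-key column `entity_id` rather than to `vehicle_category`, which matches `joinable!(vehicles -> vehicle_categories (entity_id))` in schema.rs and appears to mean a category delete would try to null the primary key.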
@@ -7,3 +7,10 @@ use rocket::Request;
 pub fn unauthorized() -> Redirect {
 Redirect::to("/?error=unauthorized")
 }
+
+/// Catches all 403 errors and redirects to main portal page to show error
+/// Will be called when member tries to access module/action without required permissions
+#[catch(403)]
+pub fn forbidden() -> Redirect {
+ Redirect::to("/portal?error=forbidden")
+}
diff --git a/src/modules/member_management/view/member_management_selection_get.rs b/src/modules/member_management/view/member_management_selection_get.rs
index cd08fb8..8b8f475 100644
--- a/src/modules/member_management/view/member_management_selection_get.rs
+++ b/src/modules/member_management/view/member_management_selection_get.rs
@@ -18,6 +18,10 @@ pub fn member_management_selection_get(
 None => return Err(Status::Unauthorized),
 };
 
+ if !member.has_permission("modules.member_management.list.view".to_string()) {
+ return Err(Status::Forbidden);
+ }
+
 Ok(Template::render(
 "module_member_management_selection",
 get_selection_context(member, &settings),
diff --git a/src/schema.rs b/src/schema.rs
index e386d13..fe3f7a8 100644
--- a/src/schema.rs
+++ b/src/schema.rs
@@ -68,6 +68,27 @@ table! {
 }
 }
 
+table! {
+ use diesel::sql_types::*;
+ use diesel_geometry::sql_types::*;
+
+ groups (entity_id) {
+ entity_id -> Uuid,
+ group_name -> Text,
+ group_description -> Nullable,
+ }
+}
+
+table! {
+ use diesel::sql_types::*;
+ use diesel_geometry::sql_types::*;
+
+ groups_entities (group_id, entity_id) {
+ group_id -> Uuid,
+ entity_id -> Uuid,
+ }
+}
+
 table! {
 use diesel::sql_types::*;
 use diesel_geometry::sql_types::*;
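Review bot: `forbidden` only takes effect once it is registered with the other catchers (`register(catchers![..., forbidden])` in the launch code), which this diff does not touch; until then Rocket serves its default 403 page and the handlers returning `Status::Forbidden` never reach this redirect. The doc comment should also state that the client receives a 303 redirect rather than a 403, so non-browser clients do not see the forbidden status and the requested path is not carried along: `/// Answers with a 303 redirect to /portal?error=forbidden instead of a 403 body; the original request path is not preserved.` `unauthorized()` sits in the same file with its attribute outside the hunk, so its registration is presumably the place to mirror.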
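Review bot: The permission name `"modules.member_management.list.view"` is an inline string literal; a typo in any copy of it fails closed here but silently diverges from the string held in the role data, denying everyone without any compiler help, so lift it to a shared constant (for instance `pub const PERM_MEMBER_LIST_VIEW: &str = "modules.member_management.list.view";` beside the module's other identifiers) and use it from every handler of this module. `has_permission` taking a `String` also forces a `.to_string()` allocation per request; if the method can accept `&str`, the call becomes `member.has_permission(PERM_MEMBER_LIST_VIEW)`. The check guards only this view, and the module's other handlers are outside the diff, so it is worth confirming each has its own check rather than relying on the menu hiding the link; `member_management_selection_get` itself starts before the hunk.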
@@ -121,9 +142,20 @@ table! {
 use diesel::sql_types::*;
 use diesel_geometry::sql_types::*;
 
- roles_permissions (role_id, permission_id) {
+ roles_permissions (role_permission_id) {
 role_id -> Text,
 permission_id -> Text,
+ role_permission_id -> Uuid,
+ }
+}
+
+table! {
+ use diesel::sql_types::*;
+ use diesel_geometry::sql_types::*;
+
+ roles_permissions_context (role_permission_id, entity) {
+ role_permission_id -> Uuid,
+ entity -> Uuid,
 }
 }
 
@@ -166,41 +198,24 @@ table! {
 }
 }
 
-table! {
- use diesel::sql_types::*;
- use diesel_geometry::sql_types::*;
-
- groups (group_id) {
- group_id -> Uuid,
- group_name -> Text,
- group_description -> Nullable,
- }
-}
-
-table! {
- use diesel::sql_types::*;
- use diesel_geometry::sql_types::*;
-
- groups_entities (group_id, entity_id) {
- group_id -> Uuid,
- entity_id -> Uuid,
- }
-}
-
 joinable!(addresses_entities -> addresses (address_id));
 joinable!(addresses_entities -> entities (entitiy_id));
 joinable!(buildings -> entities (entity_id));
 joinable!(communication_targets -> communication_types (com_type));
 joinable!(communication_targets -> entities (id));
+joinable!(groups -> entities (entity_id));
+joinable!(groups_entities -> entities (entity_id));
+joinable!(groups_entities -> groups (group_id));
 joinable!(members -> entities (entity_id));
 joinable!(members -> users (users_id));
 joinable!(members_roles -> entities (member_id));
 joinable!(members_roles -> roles (role_id));
 joinable!(roles_permissions -> permissions (permission_id));
+joinable!(roles_permissions -> roles (role_id));
+joinable!(roles_permissions_context -> entities (entity));
+joinable!(roles_permissions_context -> roles_permissions (role_permission_id));
 joinable!(vehicles -> entities (entity_id));
 joinable!(vehicles -> vehicle_categories (entity_id));
-joinable!(groups_entities -> entities (entity_id));
-joinable!(groups_entities -> groups (group_id));
 
 allow_tables_to_appear_in_same_query!(
 addresses,
@@ -209,14 +224,15 @@ allow_tables_to_appear_in_same_query!(
 communication_targets,
 communication_types,
 entities,
+ groups,
+ groups_entities,
 members,
 members_roles,
 permissions,
 roles,
 roles_permissions,
+ roles_permissions_context,
 users,
 vehicle_categories,
 vehicles,
- groups,
- groups_entities,
 );