refactor: restructure permission handling and enhance Guard functionality

- Introduced a new `createGuard` function to streamline the creation of Guard instances with permissions and roles.
- Updated tests in `authorize.spec.ts` to reflect changes in permission checks, ensuring they now return undefined for denied permissions.
- Added new `Permission` and `Policy` classes to improve type safety and flexibility in permission management.
- Refactored middleware and controller files to utilize the updated permission structure, including context handling for permissions.
- Created a new `SystemController.spec.ts` file to test the integration of the new permission system within the SystemController.
- Removed legacy permission handling from core security files, consolidating permission logic within the new structure.
dswbx
2025-10-13 18:20:46 +02:00
parent b784e1c1c4
commit 2f88c2216c
26 changed files with 954 additions and 367 deletions


@@ -36,7 +36,7 @@ export class MediaController extends Controller {
summary: "Get the list of files",
tags: ["media"],
}),
permission(MediaPermissions.listFiles),
permission(MediaPermissions.listFiles, {}),
async (c) => {
const files = await this.getStorageAdapter().listObjects();
return c.json(files);
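Review bot: The new second argument is a bare `{}` here and at every other `permission(...)` call in this file (readFile, deleteFile, uploadFile, entityCreate), and nothing at the call sites says what an empty options object means for the authorization decision. If it means "no context, no extra conditions", giving the middleware's parameter a default would spare each route from spelling it out and would avoid the habit of pasting `{}` to satisfy the compiler on routes that should pass something. Otherwise a comment on first use would record the intent, for example `// {}: no context, permission is evaluated for the role as a whole`. The middleware's signature is not visible in this hunk, so this is inferred from the call sites only.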
@@ -51,7 +51,7 @@ export class MediaController extends Controller {
summary: "Get a file by name",
tags: ["media"],
}),
permission(MediaPermissions.readFile),
permission(MediaPermissions.readFile, {}),
async (c) => {
const { filename } = c.req.param();
if (!filename) {
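Review bot: The check on this route runs with an empty options object even though the handler acts on a caller-supplied `filename` from `c.req.param()`, and the delete route in the next hunk does the same. If the second argument is where the new policy context is supplied (the commit message mentions context handling, but the middleware is not shown here), a policy conditioned on the target file would have nothing to evaluate, and `readFile` / `deleteFile` would be granted or denied for all files at once. If that all-or-nothing scope is intended, say so next to the call, for example `// no per-file context: readFile applies to every stored object`, so a later policy author does not assume per-file enforcement. The handler body continues past the end of this hunk.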
@@ -81,7 +81,7 @@ export class MediaController extends Controller {
summary: "Delete a file by name",
tags: ["media"],
}),
permission(MediaPermissions.deleteFile),
permission(MediaPermissions.deleteFile, {}),
async (c) => {
const { filename } = c.req.param();
if (!filename) {
@@ -149,7 +149,7 @@ export class MediaController extends Controller {
requestBody,
}),
jsc("param", s.object({ filename: s.string().optional() })),
permission(MediaPermissions.uploadFile),
permission(MediaPermissions.uploadFile, {}),
async (c) => {
const reqname = c.req.param("filename");
@@ -189,8 +189,8 @@ export class MediaController extends Controller {
}),
),
jsc("query", s.object({ overwrite: s.boolean().optional() })),
permission(DataPermissions.entityCreate),
permission(MediaPermissions.uploadFile),
permission(DataPermissions.entityCreate, {}),
permission(MediaPermissions.uploadFile, {}),
async (c) => {
const { entity: entity_name, id: entity_id, field: field_name } = c.req.valid("param");