add ACL permissions to bags & tiddlers on creation

2025-12-03 07:18:06 +00:00 · 2024-10-03 18:23:47 +00:00
parent 6a9dcacfd4
commit 13d7cd96b2
5 changed files with 44 additions and 67 deletions
--- a/editions/multiwikiserver/tiddlywiki.info
+++ b/editions/multiwikiserver/tiddlywiki.info
@@ -36,7 +36,14 @@
 			"--mws-save-tiddler-text","bag-alpha","$:/SiteTitle","bag-alpha",
 			"--mws-save-tiddler-text","bag-alpha","😀😃😄😁😆🥹😅😂","bag-alpha",
 			"--mws-save-tiddler-text","bag-beta","$:/SiteTitle","bag-beta",
-			"--mws-save-tiddler-text","bag-gamma","$:/SiteTitle","bag-gamma"
+			"--mws-save-tiddler-text","bag-gamma","$:/SiteTitle","bag-gamma",
+			"--mws-add-permission", "READ", "Allows user to create tiddlers",
+			"--mws-add-permission", "WRITE", "Gives the user the permission to edit and delete tiddlers",
+			"--mws-add-role", "ADMIN", "System Administrator",
+			"--mws-add-role", "USER", "Basic User",
+			"--mws-assign-role-permission", "ADMIN", "READ",
+			"--mws-assign-role-permission", "ADMIN", "WRITE",
+			"--mws-assign-role-permission", "USER", "READ",
 			]
 	}
 }
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,10 +9,10 @@
      "version": "5.3.6-prerelease",
      "license": "BSD",
      "dependencies": {
-        "@playwright/test": "^1.46.1",
+        "@playwright/test": "^1.47.2",
        "better-sqlite3": "^9.4.3",
        "node-sqlite3-wasm": "^0.8.10",
-        "playwright": "^1.46.1"
+        "playwright": "^1.47.2"
      },
      "bin": {
        "tiddlywiki": "tiddlywiki.js"
@@ -177,11 +177,11 @@
      "dev": true
    },
    "node_modules/@playwright/test": {
-      "version": "1.46.1",
-      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.46.1.tgz",
-      "integrity": "sha512-Fq6SwLujA/DOIvNC2EL/SojJnkKf/rAwJ//APpJJHRyMi1PdKrY3Az+4XNQ51N4RTbItbIByQ0jgd1tayq1aeA==",
+      "version": "1.47.2",
+      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.47.2.tgz",
+      "integrity": "sha512-jTXRsoSPONAs8Za9QEQdyjFn+0ZQFjCiIztAIF6bi1HqhBzG9Ma7g1WotyiGqFSBRZjIEqMdT8RUlbk1QVhzCQ==",
      "dependencies": {
-        "playwright": "1.46.1"
+        "playwright": "1.47.2"
      },
      "bin": {
        "playwright": "cli.js"
@@ -1205,11 +1205,11 @@
      }
    },
    "node_modules/playwright": {
-      "version": "1.46.1",
-      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.46.1.tgz",
-      "integrity": "sha512-oPcr1yqoXLCkgKtD5eNUPLiN40rYEM39odNpIb6VE6S7/15gJmA1NzVv6zJYusV0e7tzvkU/utBFNa/Kpxmwng==",
+      "version": "1.47.2",
+      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.47.2.tgz",
+      "integrity": "sha512-nx1cLMmQWqmA3UsnjaaokyoUpdVaaDhJhMoxX2qj3McpjnsqFHs516QAKYhqHAgOP+oCFTEOCOAaD1RgD/RQfA==",
      "dependencies": {
-        "playwright-core": "1.46.1"
+        "playwright-core": "1.47.2"
      },
      "bin": {
        "playwright": "cli.js"
@@ -1222,9 +1222,9 @@
      }
    },
    "node_modules/playwright-core": {
-      "version": "1.46.1",
-      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.46.1.tgz",
-      "integrity": "sha512-h9LqIQaAv+CYvWzsZ+h3RsrqCStkBHlgo6/TJlFst3cOTlLghBQlJwPOZKQJTKNaD3QIB7aAVQ+gfWbN3NXB7A==",
+      "version": "1.47.2",
+      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.47.2.tgz",
+      "integrity": "sha512-3JvMfF+9LJfe16l7AbSmU555PaTl2tPyQsVInqm3id16pdDfvZ8TTZ/pyzmkbDrZTQefyzU7AIHlZqQnxpqHVQ==",
      "bin": {
        "playwright-core": "cli.js"
      },
--- a/package.json
+++ b/package.json
@@ -40,9 +40,9 @@
    "lint": "eslint ."
  },
  "dependencies": {
-    "@playwright/test": "^1.46.1",
+    "@playwright/test": "^1.47.2",
    "better-sqlite3": "^9.4.3",
    "node-sqlite3-wasm": "^0.8.10",
-    "playwright": "^1.46.1"
+    "playwright": "^1.47.2"
  }
 }
--- a/plugins/tiddlywiki/multiwikiserver/modules/store/sql-tiddler-database.js
+++ b/plugins/tiddlywiki/multiwikiserver/modules/store/sql-tiddler-database.js
@@ -198,7 +198,7 @@ Returns the bag_id of the bag
 SqlTiddlerDatabase.prototype.createBag = function(bag_name,description,accesscontrol) {
 	accesscontrol = accesscontrol || "";
 	// Run the queries
-	this.engine.runStatement(`
+	var bag = this.engine.runStatement(`
 		INSERT OR IGNORE INTO bags (bag_name, accesscontrol, description)
 		VALUES ($bag_name, '', '')
 	`,{
@@ -214,6 +214,16 @@ SqlTiddlerDatabase.prototype.createBag = function(bag_name,description,accesscon
 		$accesscontrol: accesscontrol,
 		$description: description
 	});
+	
+
+	// update the permissions on ACL records
+	const admin = this.getRoleByName('ADMIN');
+	if(admin) {	
+		const readPermission = this.getPermissionByName('READ');
+		const writePermission = this.getPermissionByName('WRITE');
+		this.createACL(updateBags.lastInsertRowid, 'bag', admin.role_id, readPermission.permission_id);
+		this.createACL(updateBags.lastInsertRowid, 'bag', admin.role_id, writePermission.permission_id);
+	}
 	return updateBags.lastInsertRowid;
 };

@@ -277,6 +287,16 @@ SqlTiddlerDatabase.prototype.createRecipe = function(recipe_name,bag_names,descr
 		$recipe_name: recipe_name,
 		$bag_names: JSON.stringify(bag_names)
 	});
+
+
+	// update the permissions on ACL records
+	const admin = this.getRoleByName('ADMIN');
+	if(admin) {
+		const readPermission = this.getPermissionByName('READ');
+		const writePermission = this.getPermissionByName('WRITE');
+		this.createACL(updateRecipes.lastInsertRowid, 'recipe', admin.role_id, readPermission.permission_id);
+		this.createACL(updateRecipes.lastInsertRowid, 'recipe', admin.role_id, writePermission.permission_id);
+	}
 	return updateRecipes.lastInsertRowid;
 };

--- a/plugins/tiddlywiki/multiwikiserver/templates/manage-user.tid
+++ b/plugins/tiddlywiki/multiwikiserver/templates/manage-user.tid
@@ -39,58 +39,8 @@ title: $:/plugins/tiddlywiki/multiwikiserver/templates/manage-user
        </$list>
      </ul>
    </div>
-
-  <div class="user-actions">
-      <$button class="tc-btn-invisible">
-          {{$:/core/images/edit-button}} Edit
-          <<edit-user-actions {{{ [<currentUser>jsonget[user_id]] }}}>>
-      </$button>
-      <$button class="tc-btn-invisible">
-          {{$:/core/images/delete-button}} Delete
-          <$action-confirm $message="Are you sure you want to delete this user?">
-              <<delete-user-actions {{{ [<currentUser>jsonget[user_id]] }}}>>
-          </$action-confirm>
-      </$button>
-  </div>
-  <hr />
-  <div class="user-profile-roles-management">
-    <h2>Manage User Roles</h2>
-    <select id="roleSelect">
-      <option value="">Select a role to add</option>
-      <$list filter="[<all-roles>jsonindexes[]]" variable="role-index">
-        <$let role={{{ [<all-roles>jsonextract<role-index>] }}}>
-          <option value={{{ [<role>jsonget[role_id]] }}}>
-            <$text text={{{ [<role>jsonget[role_name]] }}}/>
-          </option>
-        </$let>
-      </$list>
-    </select>
-    <button onclick="addRoleToUser()">Add Role</button>
-  </div>
-  </div>
 </div>

-<script>
-function addRoleToUser() {
-    const roleId = document.getElementById('roleSelect').value;
-    if (roleId) {
-        fetch('/admin/users/{{{ [<user>jsonget[user_id]] }}}/roles', {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify({ role_id: roleId })
-        }).then(() => location.reload());
-    }
-}
-
-function removeRoleFromUser(roleId) {
-    if (confirm("Are you sure you want to remove this role from the user?")) {
-        fetch('/admin/users/{{{ [<user>jsonget[user_id]] }}}/roles/' + roleId, {
-            method: 'DELETE'
-        }).then(() => location.reload());
-    }
-}
-</script>
-
 <style>
 .user-profile-container {
  max-width: 600px;