Get user permissions

BrunoQuaresma · BrunoQuaresma · commit 2a180d42b4c9 · 2022-05-13T13:41:20.000Z
diff --git a/coderd/rbac/object.go b/coderd/rbac/object.go
@@ -17,6 +17,10 @@ var (
 		Type: "template",
 	}
 
+	ResourceUser = Object{
+		Type: "user",
+	}
+
 	// ResourceUserRole might be expanded later to allow more granular permissions
 	// to modifying roles. For now, this covers all possible roles, so having this permission
 	// allows granting/deleting **ALL** roles.
diff --git a/site/src/api/api.ts b/site/src/api/api.ts
@@ -76,6 +76,17 @@ export const getAuthMethods = async (): Promise<TypesGen.AuthMethods> => {
   return response.data
 }
 
+export const getUserPermissions = async (
+  userId: string,
+  params: TypesGen.UserPermissionCheckRequest,
+): Promise<TypesGen.UserPermissionCheckResponse> => {
+  const response = await axios.post<TypesGen.UserPermissionCheckResponse>(
+    `/api/v2/users/${userId}/authorization`,
+    params,
+  )
+  return response.data
+}
+
 export const getApiKey = async (): Promise<TypesGen.GenerateAPIKeyResponse> => {
   const response = await axios.post<TypesGen.GenerateAPIKeyResponse>("/api/v2/users/me/keys")
   return response.data
diff --git a/site/src/api/types.ts b/site/src/api/types.ts
@@ -10,3 +10,5 @@ export interface ReconnectingPTYRequest {
   readonly height?: number
   readonly width?: number
 }
+
+export type UserPermissionCheckResponse = Record<string, boolean>
diff --git a/site/src/xServices/auth/authXService.ts b/site/src/xServices/auth/authXService.ts
@@ -7,13 +7,24 @@ export const Language = {
   successProfileUpdate: "Updated preferences.",
 }
 
+const permissionsToCheck: Record<string, TypesGen.UserPermissionCheck> = {
+  readAllUsers: {
+    object: {
+      resource_type: "user",
+    },
+    action: "read",
+  },
+}
+
 export interface AuthContext {
   getUserError?: Error | unknown
   getMethodsError?: Error | unknown
   authError?: Error | unknown
   updateProfileError?: Error | unknown
   me?: TypesGen.User
   methods?: TypesGen.AuthMethods
+  permissions?: Types.UserPermissionCheckResponse
+  getPermissionsError?: Error | unknown
 }
 
 export type AuthEvent =
@@ -50,6 +61,9 @@ export const authMachine =
           updateProfile: {
             data: TypesGen.User
           }
+          getPermissions: {
+            data: Types.UserPermissionCheckResponse
+          }
         },
       },
       id: "authState",
@@ -88,7 +102,7 @@ export const authMachine =
             onDone: [
               {
                 actions: ["assignMe", "clearGetUserError"],
-                target: "signedIn",
+                target: "gettingPermissions",
               },
             ],
             onError: [
@@ -100,6 +114,26 @@ export const authMachine =
           },
           tags: "loading",
         },
+        gettingPermissions: {
+          entry: "clearGetPermissionsError",
+          invoke: {
+            src: "getPermissions",
+            id: "getPermissions",
+            onDone: [
+              {
+                actions: ["assignPermissions"],
+                target: "signedIn",
+              },
+            ],
+            onError: [
+              {
+                actions: "assignGetPermissionsError",
+                target: "signedOut",
+              },
+            ],
+          },
+          tags: "loading",
+        },
         gettingMethods: {
           invoke: {
             src: "getMethods",
@@ -200,6 +234,15 @@ export const authMachine =
 
           return API.updateProfile(context.me.id, event.data)
         },
+        getPermissions: async (context) => {
+          if (!context.me) {
+            throw new Error("No current user found")
+          }
+
+          return API.getUserPermissions(context.me.id, {
+            checks: permissionsToCheck,
+          })
+        },
       },
       actions: {
         assignMe: assign({
@@ -242,6 +285,15 @@ export const authMachine =
         clearUpdateProfileError: assign({
           updateProfileError: (_) => undefined,
         }),
+        assignPermissions: assign({
+          permissions: (_, event) => event.data,
+        }),
+        assignGetPermissionsError: assign({
+          getPermissionsError: (_, event) => event.data,
+        }),
+        clearGetPermissionsError: assign({
+          getPermissionsError: (_) => undefined,
+        }),
       },
     },
   )

Original file line number	Diff line number	Diff line change
`@@ -10,3 +10,5 @@ export interface ReconnectingPTYRequest {`
`10`	`10`	`readonly height?: number`
`11`	`11`	`readonly width?: number`
`12`	`12`	`}`
	`13`	`+`
	`14`	`+export type UserPermissionCheckResponse = Record<string, boolean>`