Added migration to add tasks manager permission for admin role

All routes are now properly protected against logged in users w/o permissions
2026-04-24 08:23:20 +03:00 · 2022-06-30 00:43:57 -04:00
parent 703848e4e5
commit 077a0d8fdb
6 changed files with 37 additions and 13 deletions
--- a/backend/app.js
+++ b/backend/app.js
@@ -68,7 +68,8 @@ db.defaults(
        configWriteFlag: false,
        downloads: {},
        subscriptions: [],
-        files_to_db_migration_complete: false
+        files_to_db_migration_complete: false,
        tasks_manager_role_migration_complete: false
 }).write();
 users_db.defaults(
@@ -194,6 +195,15 @@ async function checkMigrations() {
        else { logger.error('Migration failed: 4.2->4.3+'); }
    }
    const tasks_manager_role_migration_complete = db.get('tasks_manager_role_migration_complete').value();
    if (!tasks_manager_role_migration_complete) {
        logger.info('Checking if tasks manager role permissions exist for admin user...');
        const success = await auth_api.changeRolePermissions('admin', 'tasks_manager', 'yes');
        if (success) logger.info('Task manager permissions check complete!');
        else logger.error('Failed to auto add tasks manager permissions to admin role!');
        db.set('tasks_manager_role_migration_complete', true).write();
    }
    return true;
 }
--- a/backend/authentication/auth.js
+++ b/backend/authentication/auth.js
@@ -361,7 +361,6 @@ exports.userHasPermission = async function(user_uid, permission) {
    logger.error('Invalid role ' + role);
    return false;
  }
  const role_permissions = (await db_api.getRecords('roles'))['permissions'];
  const user_has_explicit_permission = user_obj['permissions'].includes(permission);
  const permission_in_overrides = user_obj['permission_overrides'].includes(permission);
@@ -376,7 +375,8 @@ exports.userHasPermission = async function(user_uid, permission) {
  }
  // no overrides, let's check if the role has the permission
-  if (role_permissions.includes(permission)) {
+  const role_has_permission = await exports.roleHasPermissions(role, permission);
  if (role_has_permission) {
    return true;
  } else {
    logger.verbose(`User ${user_uid} failed to get permission ${permission}`);
@@ -384,6 +384,16 @@ exports.userHasPermission = async function(user_uid, permission) {
  }
 }
 exports.roleHasPermissions = async function(role, permission) {
  const role_obj = await db_api.getRecord('roles', {key: role})
  if (!role) {
    logger.error(`Role ${role} does not exist!`);
  }
  const role_permissions = role_obj['permissions'];
  if (role_permissions && role_permissions.includes(permission)) return true;
  else return false;
 }
 exports.userPermissions = async function(user_uid) {
  let user_permissions = [];
  const user_obj = await db_api.getRecord('users', ({uid: user_uid}));
--- a/backend/consts.js
+++ b/backend/consts.js
@@ -221,7 +221,8 @@ exports.AVAILABLE_PERMISSIONS = [
    'subscriptions',
    'sharing',
    'advanced_download',
-    'downloads_manager'
+    'downloads_manager',
    'tasks_manager'
 ];
 exports.DETAILS_BIN_PATH = 'node_modules/youtube-dl/bin/details'
--- a/backend/utils.js
+++ b/backend/utils.js
@@ -172,7 +172,7 @@ function getExpectedFileSize(input_info_jsons) {
        const formats = info_json['format_id'].split('+');
        let individual_expected_filesize = 0;
        formats.forEach(format_id => {
-            if(info_json.formats !== undefined) {
+            if (info_json.formats !== undefined) {
                info_json.formats.forEach(available_format => {
                  if (available_format.format_id === format_id && (available_format.filesize || available_format.filesize_approx)) {
                    individual_expected_filesize += (available_format.filesize ? available_format.filesize : available_format.filesize_approx);
--- a/src/app/app.component.html
+++ b/src/app/app.component.html
@@ -44,7 +44,7 @@
                    <a *ngIf="postsService.config && postsService.config.Advanced.multi_user_mode && !postsService.isLoggedIn" mat-list-item (click)="sidenav.close()" routerLink='/login'><ng-container i18n="Navigation menu Login Page title">Login</ng-container></a>
                    <a *ngIf="postsService.config && allowSubscriptions && postsService.hasPermission('subscriptions')" mat-list-item (click)="postsService.sidepanel_mode === 'over' ? sidenav.close() : null" routerLink='/subscriptions'><ng-container i18n="Navigation menu Subscriptions Page title">Subscriptions</ng-container></a>
                    <a *ngIf="postsService.config && enableDownloadsManager && postsService.hasPermission('downloads_manager')" mat-list-item (click)="postsService.sidepanel_mode === 'over' ? sidenav.close() : null" routerLink='/downloads'><ng-container i18n="Navigation menu Downloads Page title">Downloads</ng-container></a>
-                    <a *ngIf="postsService.config && enableDownloadsManager && postsService.hasPermission('downloads_manager')" mat-list-item (click)="postsService.sidepanel_mode === 'over' ? sidenav.close() : null" routerLink='/tasks'><ng-container i18n="Navigation menu Tasks Page title">Tasks</ng-container></a>
+                    <a *ngIf="postsService.config && postsService.hasPermission('tasks_manager')" mat-list-item (click)="postsService.sidepanel_mode === 'over' ? sidenav.close() : null" routerLink='/tasks'><ng-container i18n="Navigation menu Tasks Page title">Tasks</ng-container></a>
                    <ng-container *ngIf="postsService.config && postsService.hasPermission('settings')">
                        <mat-divider></mat-divider>
                        <a mat-list-item (click)="postsService.sidepanel_mode === 'over' ? sidenav.close() : null" routerLink='/settings'><ng-container i18n="Settings menu label">Settings</ng-container></a>
--- a/src/app/posts.services.ts
+++ b/src/app/posts.services.ts
@@ -4,7 +4,7 @@ import 'rxjs/add/operator/map';
 import 'rxjs/add/operator/catch';
 import 'rxjs/add/observable/throw';
 import { THEMES_CONFIG } from '../themes';
-import { Router, CanActivate } from '@angular/router';
+import { Router, CanActivate, ActivatedRouteSnapshot } from '@angular/router';
 import { DOCUMENT } from '@angular/common';
 import { BehaviorSubject } from 'rxjs';
 import { MatSnackBar } from '@angular/material/snack-bar';
@@ -229,12 +229,15 @@ export class PostsService implements CanActivate {
        }
    }
-    canActivate(route, state): Promise<boolean> {
+    canActivate(route: ActivatedRouteSnapshot, state): Promise<boolean> {
-        return new Promise(resolve => {
+        const PATH_TO_REQUIRED_PERM = {
-            resolve(true);
+            settings: 'settings',
-        })
+            subscriptions: 'subscriptions',
-        console.log(route);
+            downloads: 'downloads_manager',
-        throw new Error('Method not implemented.');
+            tasks: 'tasks_manager'
        }
        const required_perm = PATH_TO_REQUIRED_PERM[route.routeConfig.path];
        return required_perm ? this.hasPermission(required_perm) : true;
    }
    setTheme(theme) {