Add configuration option for automatic assigning of "read-only user" role after registration

silverpill 2023-01-24 20:55:24 +00:00
parent 2ea14635d2
commit 01f956b6ce
5 changed files with 15 additions and 3 deletions


@ -12,6 +12,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Added `registration.type` configuration option (replaces `registrations_open`). - Added `registration.type` configuration option (replaces `registrations_open`).
- Implemented roles & permissions. - Implemented roles & permissions.
- Added "read-only user" role. - Added "read-only user" role.
- Added configuration option for automatic assigning of "read-only user" role after registration.
### Deprecated ### Deprecated


@ -46,6 +46,9 @@ impl<'de> Deserialize<'de> for RegistrationType {
pub struct RegistrationConfig { pub struct RegistrationConfig {
#[serde(rename = "type")] #[serde(rename = "type")]
pub registration_type: RegistrationType, pub registration_type: RegistrationType,
#[serde(default)]
pub default_role_read_only_user: bool, // default is false
} }
fn default_log_level() -> LogLevel { LogLevel::Info } fn default_log_level() -> LogLevel { LogLevel::Info }
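Review bot: The new `default_role_read_only_user` flag is privilege-relevant but fails open: with `#[serde(default)]`, a missing or misspelled key silently yields `false`, and the handler then registers accounts as `Role::NormalUser`. Whether `RegistrationConfig` rejects unknown keys (for example via `#[serde(deny_unknown_fields)]`) is not visible here, because the struct's attributes sit above the hunk; if it does not, an operator's typo leaves registration wider than intended with no error at startup. I would also replace the trailing `// default is false` with a doc comment such as `/// If true, newly registered accounts are assigned the read-only user role instead of the normal user role.`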


@ -68,7 +68,7 @@ use crate::models::users::queries::{
get_user_by_did, get_user_by_did,
is_valid_invite_code, is_valid_invite_code,
}; };
use crate::models::users::types::UserCreateData; use crate::models::users::types::{Role, UserCreateData};
use crate::utils::{ use crate::utils::{
caip2::ChainId, caip2::ChainId,
canonicalization::canonicalize_object, canonicalization::canonicalize_object,
@ -167,12 +167,18 @@ pub async fn create_account(
let AccountCreateData { username, invite_code, .. } = let AccountCreateData { username, invite_code, .. } =
account_data.into_inner(); account_data.into_inner();
let role = if config.registration.default_role_read_only_user {
Role::ReadOnlyUser
} else {
Role::NormalUser
};
let user_data = UserCreateData { let user_data = UserCreateData {
username, username,
password_hash: maybe_password_hash, password_hash: maybe_password_hash,
private_key_pem, private_key_pem,
wallet_address: maybe_wallet_address, wallet_address: maybe_wallet_address,
invite_code, invite_code,
role,
}; };
let user = match create_user(db_client, user_data).await { let user = match create_user(db_client, user_data).await {
Ok(user) => user, Ok(user) => user,
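Review bot: The role for a new account is decided inline in `create_account` (`let role = if config.registration.default_role_read_only_user { ... }`), while `create_user` no longer applies a default of its own. Any other code path that builds `UserCreateData` has to repeat this mapping, and one that ignores the config flag would create a normal user on an instance configured for read-only registration. Consider keeping the mapping next to the option, for example a method on `RegistrationConfig` used as `let role = config.registration.default_role();` (the method name is only a suggestion). The body of `create_account` begins and ends outside the hunk, so any other role handling in it is not visible.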


@ -9,7 +9,7 @@ use crate::identity::{did::Did, did_pkh::DidPkh};
use crate::models::profiles::queries::create_profile; use crate::models::profiles::queries::create_profile;
use crate::models::profiles::types::{DbActorProfile, ProfileCreateData}; use crate::models::profiles::types::{DbActorProfile, ProfileCreateData};
use crate::utils::currencies::Currency; use crate::utils::currencies::Currency;
use super::types::{DbUser, Role, User, UserCreateData}; use super::types::{DbUser, User, UserCreateData};
use super::utils::generate_invite_code; use super::utils::generate_invite_code;
pub async fn create_invite_code( pub async fn create_invite_code(
@ -127,7 +127,7 @@ pub async fn create_user(
&user_data.password_hash, &user_data.password_hash,
&user_data.private_key_pem, &user_data.private_key_pem,
&user_data.invite_code, &user_data.invite_code,
&Role::default(), &user_data.role,
], ],
).await.map_err(catch_unique_violation("user"))?; ).await.map_err(catch_unique_violation("user"))?;
let db_user: DbUser = row.try_get("user_account")?; let db_user: DbUser = row.try_get("user_account")?;
@ -275,6 +275,7 @@ pub async fn get_user_count(
mod tests { mod tests {
use serial_test::serial; use serial_test::serial;
use crate::database::test_utils::create_test_database; use crate::database::test_utils::create_test_database;
use crate::models::users::types::Role;
use super::*; use super::*;
#[tokio::test] #[tokio::test]
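Review bot: `create_user` now persists `&user_data.role` exactly as given, so the function no longer bounds the privilege of the account it creates, which the previous `&Role::default()` did. That is fine as long as every caller derives the role from server-side policy, but it deserves a doc comment on `create_user`, for instance `/// The role in user_data is stored as-is; callers must not take it from request input.` The test module gains `use crate::models::users::types::Role;`, but the tests themselves are outside the visible hunks, so I cannot tell whether any case creates a user with `Role::ReadOnlyUser` and asserts the stored role. The function body starts and ends outside the hunk.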


@ -145,6 +145,7 @@ pub struct UserCreateData {
pub private_key_pem: String, pub private_key_pem: String,
pub wallet_address: Option<String>, pub wallet_address: Option<String>,
pub invite_code: Option<String>, pub invite_code: Option<String>,
pub role: Role,
} }
pub fn validate_local_username(username: &str) -> Result<(), ValidationError> { pub fn validate_local_username(username: &str) -> Result<(), ValidationError> {