Add roles

apps/entitree-images/package.json

@@ -11,48 +11,48 @@
     "test": "jest"
   },
   "dependencies": {
-    "@emotion/react": "^11.10.5",
-    "@emotion/styled": "^11.10.5",
+    "@emotion/react": "^11.11.0",
+    "@emotion/styled": "^11.11.0",
     "@entitree/helper": "workspace:*",
-    "@google-cloud/storage": "^6.9.2",
-    "@google-cloud/vision": "^3.1.0",
-    "@mui/icons-material": "^5.11.0",
-    "@mui/material": "^5.11.8",
-    "@mui/styles": "^5.11.7",
-    "@next-auth/prisma-adapter": "^1.0.5",
-    "@prisma/client": "4.10.0",
-    "axios": "^1.3.2",
+    "@google-cloud/storage": "^6.10.0",
+    "@google-cloud/vision": "^3.1.3",
+    "@mui/icons-material": "^5.11.16",
+    "@mui/material": "^5.12.3",
+    "@mui/styles": "^5.12.3",
+    "@next-auth/prisma-adapter": "^1.0.6",
+    "@prisma/client": "4.14.0",
+    "axios": "^1.4.0",
     "encoding": "^0.1.13",
     "form-data": "^4.0.0",
     "lodash": "^4.17.21",
-    "next": "13.2.4",
-    "next-auth": "^4.19.2",
+    "next": "13.4.1",
+    "next-auth": "^4.22.1",
     "nextjs-cors": "^2.1.2",
-    "node-fetch": "^3.3.0",
-    "prisma": "4.10.0",
+    "node-fetch": "^3.3.1",
+    "prisma": "4.14.0",
     "query-string": "^8.1.0",
-    "ra-data-simple-prisma": "^2.1.2",
-    "ra-i18n-polyglot": "^4.7.2",
-    "ra-language-english": "^4.7.2",
+    "ra-data-simple-prisma": "^2.3.0",
+    "ra-i18n-polyglot": "^4.10.2",
+    "ra-language-english": "^4.10.2",
     "react": "18.2.0",
-    "react-admin": "4.9.1",
+    "react-admin": "4.10.2",
     "react-dom": "18.2.0",
-    "react-hook-form": "^7.43.1",
-    "react-router": "^6.8.1",
-    "react-router-dom": "^6.8.1",
-    "schema-dts": "^1.1.0",
-    "sharp": "^0.31.3",
+    "react-hook-form": "^7.43.9",
+    "react-router": "^6.11.1",
+    "react-router-dom": "^6.11.1",
+    "schema-dts": "^1.1.2",
+    "sharp": "^0.32.1",
     "util": "^0.12.5",
     "wikidata-sdk": "^8.1.1"
   },
   "devDependencies": {
-    "@types/node": "^18.13.0",
-    "@types/react": "18.0.27",
-    "eslint": "8.33.0",
-    "eslint-config-next": "13.1.6",
-    "jest": "^29.4.2",
+    "@types/node": "^20.1.1",
+    "@types/react": "18.2.6",
+    "eslint": "8.40.0",
+    "eslint-config-next": "13.4.1",
+    "jest": "^29.5.0",
     "tsconfig": "workspace:*",
-    "typescript": "4.9.5"
+    "typescript": "5.0.4"
   },
   "resolutions": {
     "@types/react": "^17.0.1",

apps/entitree-images/pages/api/auth/[...nextauth].ts

@@ -1,9 +1,9 @@
 import GoogleProvider from "next-auth/providers/google";
-import NextAuth from "next-auth";
+import NextAuth, { AuthOptions } from "next-auth";
 import { PrismaAdapter } from "@next-auth/prisma-adapter";
 import { prismaClient } from "../../../prisma/prismaClient";
 
-export default NextAuth({
+export const authOptions: AuthOptions = {
   //debug: true,
   providers: [
     GoogleProvider({
@@ -25,4 +25,6 @@ export default NextAuth({
     },
   },
   adapter: PrismaAdapter(prismaClient),
-});
+};
+
+export default NextAuth(authOptions);

apps/entitree-images/prisma/schema.prisma

@@ -69,14 +69,19 @@ model User {
   email         String?   @unique
   emailVerified DateTime?
   image         String?
-  role          String?
+  role          Role      @default(USER)
   updatedAt     DateTime? @db.Date
 
   accounts Account[]
   sessions Session[]
   Image    Image[]
 }
 
+enum Role {
+  ADMIN
+  USER
+}
+
 model VerificationToken {
   id         Int      @id @default(autoincrement())
   identifier String

apps/entitree-images/providers/accessCheck.ts

@@ -0,0 +1,46 @@
+import { NextApiRequest, NextApiResponse } from "next";
+import {
+  fetchActionToAction,
+  ReactAdminFetchActions,
+  Permissions,
+  canAccess,
+} from "ra-data-simple-prisma";
+import { authProvider } from "./authProvider";
+import { authOptions } from "../pages/api/auth/[...nextauth]";
+import { getServerSession } from "next-auth";
+
+export const extractAccessObjFromReq = async (
+  req: NextApiRequest,
+  res: NextApiResponse
+) => {
+  const session = await getServerSession(req, res, authOptions);
+
+  //check permissions
+  const permissions: Permissions<string> = await authProvider(
+    session
+  ).getPermissions(null);
+
+  //convert getList to list, and updateMany to edit
+  const method = req.body.method as ReactAdminFetchActions;
+  const action = fetchActionToAction[method];
+
+  const resource: string = req.body.model ?? req.body.resource; //model can be undefined
+
+  return { permissions, action, resource };
+};
+
+export const accessCheck = async (
+  req: NextApiRequest,
+  res: NextApiResponse
+) => {
+  const access = await extractAccessObjFromReq(req, res);
+  if (!canAccess(access)) {
+    return res.status(403).json({
+      message:
+        "You do not have permission to " +
+        access.action +
+        " this resource: " +
+        access.resource,
+    });
+  }
+};

apps/entitree-images/providers/permissions.ts

@@ -0,0 +1,13 @@
+import { PermissionsConfig } from "../types/roles";
+
+export const permissionsConfig: PermissionsConfig = {
+  ADMIN: [{ action: "*", resource: "*" }], //admin can do anything
+  USER: [
+    { action: "*", resource: "*" },
+    {
+      type: "deny",
+      action: ["edit", "delete", "create", "list", "show", "export"],
+      resource: "user",
+    },
+  ],
+};

apps/entitree-images/types/roles.ts

@@ -0,0 +1,11 @@
+import { Permission } from "ra-data-simple-prisma";
+// import { Role } from "@prisma/client";
+import { prismaClient } from "../prisma/prismaClient";
+
+type Role = "ADMIN" | "USER";
+
+export type Permissions = Permission<keyof typeof prismaClient>[];
+
+export type PermissionsConfig = {
+  [role in Role]: Permissions;
+};