MyFavMirrors/moonfire-nvr
1
0
Fork 0
mirror of https://github.com/scottlamb/moonfire-nvr.git synced 2025-12-04 23:02:32 -05:00
Code Issues Packages Projects Releases Wiki Activity

add concept of user/session permissions

Browse Source 
(I also considered the names "capabilities" and "scopes", but I think
"permissions" is the most widely understood.)

This is increasingly necessary as the web API becomes more capable.
Among other things, it allows:

* non-administrator users who can view but not access camera passwords
  or change any state
* workers that update signal state based on cameras' built-in motion
  detection or a security system's events but don't need to view videos
* control over what can be done without authenticating

Currently session permissions are just copied from user permissions, but
you can also imagine admin sessions vs not, as a checkbox when signing
in. This would match the standard Unix workflow of using a
non-administrative session most of the time.

Relevant to my current signals work (#28) and to the addition of an
administrative API (#35, including #66).
This commit is contained in:
Scott Lamb
2019-06-19 15:17:50 -07:00
parent d8b8d5d5e0
commit fda7e4ca2b
23 changed files with 336 additions and 741 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
db/upgrade/v1_to_v2.rs
View File

@@ -33,6 +33,7 @@
use crate::dir;
use failure::{Error, bail, format_err};
use libc;
use protobuf::prelude::MessageField;
use rusqlite::types::ToSql;
use crate::schema::DirMeta;
use std::fs;
@@ -113,7 +114,7 @@ pub fn run(args: &super::Args, tx: &rusqlite::Transaction) -> Result<(), Error>
{
meta.db_uuid.extend_from_slice(db_uuid_bytes);
meta.dir_uuid.extend_from_slice(dir_uuid_bytes);
let open = meta.mut_last_complete_open();
let open = meta.last_complete_open.mut_message();
open.id = open_id;
open.uuid.extend_from_slice(&open_uuid_bytes);
}

5
db/upgrade/v2_to_v3.rs
View File

@@ -37,10 +37,11 @@ use crate::dir;
use failure::Error;
use libc;
use crate::schema;
use protobuf::prelude::MessageField;
use rusqlite::types::ToSql;
use std::io::{self, Write};
use std::mem;
use std::sync::Arc;
use rusqlite::types::ToSql;
use uuid::Uuid;
/// Opens the sample file dir.
@@ -68,7 +69,7 @@ fn open_sample_file_dir(tx: &rusqlite::Transaction) -> Result<Arc<dir::SampleFil
meta.db_uuid.extend_from_slice(&db_uuid.0.as_bytes()[..]);
meta.dir_uuid.extend_from_slice(&s_uuid.0.as_bytes()[..]);
{
let open = meta.mut_last_complete_open();
let open = meta.last_complete_open.mut_message();
open.id = o_id as u32;
open.uuid.extend_from_slice(&o_uuid.0.as_bytes()[..]);
}

3
db/upgrade/v3_to_v4.rs
View File

@@ -62,6 +62,9 @@ pub fn run(_args: &super::Args, tx: &rusqlite::Transaction) -> Result<(), Error>
time_90k integer primary key,
changes blob
);
alter table user add column permissions blob;
alter table user_session add column permissions blob;
"#)?;
Ok(())
}