(add) ロール制御

This commit is contained in:
kakkokari-gtyih 2023-11-11 18:53:25 +09:00
parent 8608df20b2
commit 7694d17b2e
10 changed files with 53 additions and 4 deletions

1
locales/index.d.ts vendored
View file

@ -1665,6 +1665,7 @@ export interface Locale {
"gtlAvailable": string;
"ltlAvailable": string;
"canPublicNote": string;
"canScheduleNote": string;
"canInvite": string;
"inviteLimit": string;
"inviteLimitCycle": string;

View file

@ -1574,6 +1574,7 @@ _role:
gtlAvailable: "グローバルタイムラインの閲覧"
ltlAvailable: "ローカルタイムラインの閲覧"
canPublicNote: "パブリック投稿の許可"
canScheduleNote: "予約投稿の許可"
canInvite: "サーバー招待コードの発行"
inviteLimit: "招待コードの作成可能数"
inviteLimitCycle: "招待コードの発行間隔"

View file

@ -27,6 +27,7 @@ export type RolePolicies = {
gtlAvailable: boolean;
ltlAvailable: boolean;
canPublicNote: boolean;
canScheduleNote: boolean;
canInvite: boolean;
inviteLimit: number;
inviteLimitCycle: number;
@ -53,6 +54,7 @@ export const DEFAULT_POLICIES: RolePolicies = {
gtlAvailable: true,
ltlAvailable: true,
canPublicNote: true,
canScheduleNote: true,
canInvite: false,
inviteLimit: 0,
inviteLimitCycle: 60 * 24 * 7,
@ -303,6 +305,7 @@ export class RoleService implements OnApplicationShutdown {
gtlAvailable: calc('gtlAvailable', vs => vs.some(v => v === true)),
ltlAvailable: calc('ltlAvailable', vs => vs.some(v => v === true)),
canPublicNote: calc('canPublicNote', vs => vs.some(v => v === true)),
canScheduleNote: calc('canScheduleNote', vs => vs.some(v => v === true)),
canInvite: calc('canInvite', vs => vs.some(v => v === true)),
inviteLimit: calc('inviteLimit', vs => Math.max(...vs)),
inviteLimitCycle: calc('inviteLimitCycle', vs => Math.max(...vs)),

View file

@ -18,6 +18,7 @@ import { NoteEntityService } from '@/core/entities/NoteEntityService.js';
import { NoteCreateService } from '@/core/NoteCreateService.js';
import { QueueService } from '@/core/QueueService.js';
import { IdService } from '@/core/IdService.js';
import { RoleService } from '@/core/RoleService.js';
import { DI } from '@/di-symbols.js';
import { isPureRenote } from '@/misc/is-pure-renote.js';
import { ApiError } from '../../error.js';
@ -132,6 +133,12 @@ export const meta = {
code: 'NO_SUCH_SCHEDULE',
id: '44dee229-8da1-4a61-856d-e3a4bbc12032',
},
rolePermissionDenied: {
message: 'You are not assigned to a required role.',
code: 'ROLE_PERMISSION_DENIED',
kind: 'permission',
id: '7f86f06f-7e15-4057-8561-f4b6d4ac755a',
},
},
} as const;
@ -234,6 +241,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
private noteEntityService: NoteEntityService,
private noteCreateService: NoteCreateService,
private roleService: RoleService,
private queueService: QueueService,
private idService: IdService,
) {
@ -375,6 +383,11 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
};
if (ps.schedule) {
const canCreateScheduledNote = (await this.roleService.getUserPolicies(me.id)).canScheduleNote;
if (!canCreateScheduledNote) {
throw new ApiError(meta.errors.rolePermissionDenied);
}
if (!ps.schedule.expiresAt) {
throw new ApiError(meta.errors.specifyScheduleDate);
}

View file

@ -15,6 +15,7 @@ export const meta = {
tags: ['notes'],
requireCredential: true,
requireRolePolicy: 'canScheduleNote',
res: {
type: 'array',
optional: false, nullable: false,

View file

@ -929,13 +929,13 @@ function openOtherSettingsMenu(ev: MouseEvent) {
text: i18n.ts.reactionAcceptance,
icon: reactionAcceptanceIcon,
action: toggleReactionAcceptance,
}, {
}, ($i.policies?.canScheduleNote) ? {
type: 'button',
text: i18n.ts.schedulePost,
icon: 'ti ti-calendar-time',
indicate: (schedule != null),
action: toggleSchedule,
}, null, {
} : undefined, ...(($i.policies?.canScheduleNote) ? [ null, {
type: 'button',
text: i18n.ts._schedulePost.list,
icon: 'ti ti-calendar-event',
@ -944,7 +944,7 @@ function openOtherSettingsMenu(ev: MouseEvent) {
emit('cancel');
listSchedulePost();
},
}], ev.currentTarget ?? ev.target, {
}] : [])], ev.currentTarget ?? ev.target, {
align: 'right',
});
}

View file

@ -61,6 +61,7 @@ export const ROLE_POLICIES = [
'gtlAvailable',
'ltlAvailable',
'canPublicNote',
'canScheduleNote',
'canInvite',
'inviteLimit',
'inviteLimitCycle',

View file

@ -174,6 +174,7 @@ export const navbarItemDef = reactive({
scheduledNotes: {
title: i18n.ts._schedulePost.list,
icon: 'ti ti-calendar-event',
show: computed(() => $i && $i.policies?.canScheduleNote),
action: (ev) => {
os.listSchedulePost();
},

View file

@ -160,6 +160,26 @@ SPDX-License-Identifier: AGPL-3.0-only
</div>
</MkFolder>
<MkFolder v-if="matchQuery([i18n.ts._role._options.canScheduleNote, 'canScheduleNote'])">
<template #label>{{ i18n.ts._role._options.canScheduleNote }}</template>
<template #suffix>
<span v-if="role.policies.canScheduleNote.useDefault" :class="$style.useDefaultLabel">{{ i18n.ts._role.useBaseValue }}</span>
<span v-else>{{ role.policies.canScheduleNote.value ? i18n.ts.yes : i18n.ts.no }}</span>
<span :class="$style.priorityIndicator"><i :class="getPriorityIcon(role.policies.canScheduleNote)"></i></span>
</template>
<div class="_gaps">
<MkSwitch v-model="role.policies.canScheduleNote.useDefault" :readonly="readonly">
<template #label>{{ i18n.ts._role.useBaseValue }}</template>
</MkSwitch>
<MkSwitch v-model="role.policies.canScheduleNote.value" :disabled="role.policies.canScheduleNote.useDefault" :readonly="readonly">
<template #label>{{ i18n.ts.enable }}</template>
</MkSwitch>
<MkRange v-model="role.policies.canScheduleNote.priority" :min="0" :max="2" :step="1" easing :textConverter="(v) => v === 0 ? i18n.ts._role._priority.low : v === 1 ? i18n.ts._role._priority.middle : v === 2 ? i18n.ts._role._priority.high : ''">
<template #label>{{ i18n.ts._role.priority }}</template>
</MkRange>
</div>
</MkFolder>
<MkFolder v-if="matchQuery([i18n.ts._role._options.canInvite, 'canInvite'])">
<template #label>{{ i18n.ts._role._options.canInvite }}</template>
<template #suffix>
@ -549,7 +569,7 @@ import MkSwitch from '@/components/MkSwitch.vue';
import MkRange from '@/components/MkRange.vue';
import FormSlot from '@/components/form/slot.vue';
import { i18n } from '@/i18n.js';
import { ROLE_POLICIES } from '@/const';
import { ROLE_POLICIES } from '@/const.js';
import { instance } from '@/instance.js';
import { deepClone } from '@/scripts/clone.js';

View file

@ -48,6 +48,14 @@ SPDX-License-Identifier: AGPL-3.0-only
</MkSwitch>
</MkFolder>
<MkFolder v-if="matchQuery([i18n.ts._role._options.canScheduleNote, 'canScheduleNote'])">
<template #label>{{ i18n.ts._role._options.canScheduleNote }}</template>
<template #suffix>{{ policies.canScheduleNote ? i18n.ts.yes : i18n.ts.no }}</template>
<MkSwitch v-model="policies.canScheduleNote">
<template #label>{{ i18n.ts.enable }}</template>
</MkSwitch>
</MkFolder>
<MkFolder v-if="matchQuery([i18n.ts._role._options.canInvite, 'canInvite'])">
<template #label>{{ i18n.ts._role._options.canInvite }}</template>
<template #suffix>{{ policies.canInvite ? i18n.ts.yes : i18n.ts.no }}</template>