#1064 implement tags in database and ACL

2023-07-18 10:32:02 +01:00
parent b52e58880e
commit f72acb6006
6 changed files with 56 additions and 1 deletions
--- a/lib/App/Netdisco/DB.pm
+++ b/lib/App/Netdisco/DB.pm
@@ -11,7 +11,7 @@ __PACKAGE__->load_namespaces(
 );

 our # try to hide from kwalitee
-  $VERSION = 80; # schema version used for upgrades, keep as integer
+  $VERSION = 81; # schema version used for upgrades, keep as integer

 use Path::Class;
 use File::ShareDir 'dist_dir';
--- a/lib/App/Netdisco/DB/Result/Device.pm
+++ b/lib/App/Netdisco/DB/Result/Device.pm
@@ -87,6 +87,8 @@ __PACKAGE__->add_columns(
  { data_type => "boolean", is_nullable => 1 },
  "custom_fields",
  { data_type => "jsonb", is_nullable => 0, default_value => \"{}" },
+  "tags",
+  { data_type => "text[]", is_nullable => 0, default_value => \"'{}'::text[]" },
 );
 __PACKAGE__->set_primary_key("ip");

--- a/lib/App/Netdisco/DB/Result/DevicePort.pm
+++ b/lib/App/Netdisco/DB/Result/DevicePort.pm
@@ -73,6 +73,8 @@ __PACKAGE__->add_columns(
  { data_type => "bigint", is_nullable => 1 },
  "custom_fields",
  { data_type => "jsonb", is_nullable => 0, default_value => \"{}" },
+  "tags",
+  { data_type => "text[]", is_nullable => 0, default_value => \"'{}'::text[]" },
 );
 __PACKAGE__->set_primary_key("port", "ip");

--- a/lib/App/Netdisco/Util/Permission.pm
+++ b/lib/App/Netdisco/Util/Permission.pm
@@ -201,6 +201,33 @@ sub check_acl {
          next RULE;
      }

+      if ($rule =~ m/^tag:(.+)$/) {
+          my $tag = $1;
+          my $found = false;
+
+          ITEM: foreach my $item (@$things) {
+              if (blessed $item) {
+                  if ($neg xor ($item->can('tags') and ref [] eq ref $item->tags
+                                and scalar grep {$_ eq $tag} @{ $item->tags })) {
+                    return true if not $all;
+                    $found = true;
+                    last ITEM;
+                  }
+              }
+              elsif (ref {} eq ref $item) {
+                  if ($neg xor (exists $item->{'tags'} and ref [] eq ref $item->{'tags'}
+                                and scalar grep {$_ eq $tag} @{ $item->{'tags'} })) {
+                    return true if not $all;
+                    $found = true;
+                    last ITEM;
+                  }
+              }
+          }
+
+          return false if $all and not $found;
+          next RULE;
+      }
+
      # prop:val
      # with a check that prop isn't just the first part of a v6 addr
      if ($rule =~ m/^([^:]+):(.*)$/ and $1 !~ m/^[a-f0-9]+$/i) {