Add user permission system

scripts/igni-test.py

@@ -39,7 +39,17 @@
 
 # Add a user for the tests
 test_user = sp.run(
-    [vidformer_igni_bin, "user", "add", "--name", "test", "--api-key", "test"],
+    [
+        vidformer_igni_bin,
+        "user",
+        "add",
+        "--name",
+        "test",
+        "--api-key",
+        "test",
+        "--permissions",
+        "full",
+    ],
     capture_output=True,
     check=True,
     env=igni_env,
@@ -106,13 +116,7 @@
 )
 
 tmp_user = sp.run(
-    [
-        vidformer_igni_bin,
-        "user",
-        "add",
-        "--name",
-        "tmp_user",
-    ],
+    [vidformer_igni_bin, "user", "add", "--name", "tmp_user", "--permissions", "full"],
     check=True,
     capture_output=True,
     env=igni_env,

vidformer-igni/README.md

@@ -7,7 +7,7 @@ The next generation scale-out vidformer server.
 ```bash
 docker-compose -f docker-compose-db.yaml up
 export 'IGNI_DB=postgres://igni:igni@localhost:5432/igni'
-cargo run -- user add --name test --api-key test
+cargo run -- user add --name test --api-key test --permissions full
 cargo run -- server --config igni.toml
 ```
 

vidformer-igni/init/setup.sql

@@ -4,7 +4,8 @@ CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
 CREATE TABLE "user" (
     id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
     name TEXT NOT NULL UNIQUE, -- Not actually used for authentication, just for record keeping
-    api_key VARCHAR(32) NOT NULL UNIQUE
+    api_key VARCHAR(32) NOT NULL UNIQUE,
+    permissions JSONB NOT NULL
 );
 
 CREATE INDEX user_api_key_idx ON "user"(api_key);

vidformer-igni/src/main.rs

@@ -122,12 +122,19 @@ enum UserCmd {
     Rm(UserRmOpt),
 }
 
+#[derive(clap::ValueEnum, Debug, Clone)]
+enum UserPermissionLevel {
+    Full,
+}
+
 #[derive(Parser, Debug)]
 struct UserAddOpt {
     #[clap(long)]
     name: String,
     #[clap(long)]
     api_key: Option<String>,
+    #[clap(long)]
+    permissions: UserPermissionLevel,
 }
 
 #[derive(Parser, Debug)]
@@ -511,7 +518,10 @@ async fn cmd_user_add(
             .map(char::from)
             .collect(),
     };
-    let user_id = ops::add_user(&pool, &name, &api_key).await?;
+    let permissions = match add_user.permissions {
+        UserPermissionLevel::Full => server::UserPermissions::default_full(),
+    };
+    let user_id = ops::add_user(&pool, &name, &api_key, &permissions).await?;
     println!("{}", user_id);
     if add_user.api_key.is_none() {
         println!("{}", api_key);

vidformer-igni/src/ops.rs

@@ -1,5 +1,7 @@
 use std::collections::HashMap;
 
+use crate::server;
+
 use super::IgniError;
 
 pub(crate) async fn ping(pool: &sqlx::Pool<sqlx::Postgres>) -> Result<(), IgniError> {
@@ -54,15 +56,17 @@ pub(crate) async fn add_user(
     pool: &sqlx::Pool<sqlx::Postgres>,
     name: &str,
     api_key: &str,
+    permissions: &server::UserPermissions,
 ) -> Result<uuid::Uuid, IgniError> {
     let user_id = uuid::Uuid::new_v4();
-    sqlx::query("INSERT INTO \"user\" (id, name, api_key) VALUES ($1, $2, $3)")
+    let permissions = permissions.json_value();
+    sqlx::query("INSERT INTO \"user\" (id, name, api_key, permissions) VALUES ($1, $2, $3, $4)")
         .bind(user_id)
         .bind(name)
         .bind(api_key)
+        .bind(permissions)
         .execute(pool)
         .await?;
-
     Ok(user_id)
 }
 
@@ -90,6 +94,7 @@ pub(crate) async fn profile_and_add_source(
         })
         .await
         .expect("Failed joining blocking thread")?;
+
     let mut transaction = pool.begin().await?;
     let source_id = uuid::Uuid::new_v4();
     sqlx::query("INSERT INTO source (id, user_id, name, stream_idx, storage_service, storage_config, codec, pix_fmt, width, height, file_size) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)")

vidformer-igni/src/schema.rs

@@ -3,6 +3,7 @@ pub struct UserRow {
     pub id: uuid::Uuid,
     pub name: String,
     pub api_key: String,
+    pub permissions: serde_json::Value,
 }
 
 #[derive(sqlx::FromRow, Debug)]