myxelium/Toju
1
0
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects 1 Releases 17 Wiki Activity

refactor: stricter domain: access-control

Browse Source
This commit is contained in:
SocksOnHead
2026-04-11 13:25:26 +02:00
parent 6800c73292
commit 0b9a9f311e
16 changed files with 46 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
toju-app/src/app/domains/README.md
View File

@@ -9,7 +9,7 @@ infrastructure adapters and UI.
| Domain | Purpose | Public entry point |
| -------------------- | ------------------------------------------------------------------------------------------------------------------ | ----------------------------------------------------------- |
| **attachment** | File upload/download, chunk transfer, persistence | `AttachmentFacade` |
| **access-control** | Role, permission, moderation, and room access rules | `normalizeRoomAccessControl()`, `resolveRoomPermission()` |
| **access-control** | Role, permission, ban matching, moderation, and room access rules | `normalizeRoomAccessControl()`, `resolveRoomPermission()`, `hasRoomBanForUser()` |
| **auth** | Login / register HTTP orchestration, user-bar UI | `AuthService` |
| **chat** | Messaging rules, sync logic, GIF/Klipy integration, chat UI | `KlipyService`, `canEditMessage()`, `ChatMessagesComponent` |
| **notifications** | Notification preferences, unread tracking, desktop alert orchestration | `NotificationsFacade` |

21
toju-app/src/app/domains/access-control/README.md
View File

@@ -7,13 +7,18 @@ Role and permission rules for servers, including default system roles, role assi
```
access-control/
├── domain/
│ ├── access-control.models.ts MemberIdentity and RoomPermissionDefinition domain types
── access-control.constants.ts SYSTEM_ROLE_IDS and permission metadata
│ ├── role.rules.ts Role defaults, normalization, ordering, create/update helpers
├── role-assignment.rules.ts Assignment normalization and member-role lookups
│ ├── permission.rules.ts Permission resolution and moderation hierarchy checks
├── room.rules.ts Legacy compatibility, room hydration, room-level normalization
│ └── access-control.logic.ts Public barrel for domain rules
│ ├── models/
│ └── access-control.model.ts MemberIdentity and RoomPermissionDefinition domain types
│ ├── constants/
│ └── access-control.constants.ts SYSTEM_ROLE_IDS and permission metadata
│ ├── util/
│ └── access-control.util.ts Internal helpers (normalization, identity matching, sorting)
│ └── rules/
│ ├── role.rules.ts Role defaults, normalization, ordering, create/update helpers
│ ├── role-assignment.rules.ts Assignment normalization and member-role lookups
│ ├── permission.rules.ts Permission resolution and moderation hierarchy checks
│ ├── room.rules.ts Legacy compatibility, room hydration, room-level normalization
│ └── ban.rules.ts Ban matching and user-ban resolution
└── index.ts Domain barrel used by other layers
```
@@ -29,6 +34,8 @@ access-control/
| `canManageMember(...)` | Applies both permission checks and role hierarchy checks |
| `canManageRole(...)` | Prevents editing roles at or above the actor's highest role |
| `normalizeRoomAccessControl(room)` | Produces a fully hydrated room with normalized roles, assignments, overrides, and legacy compatibility fields |
| `hasRoomBanForUser(bans, user, persistedUserId?)` | Returns true when any active ban entry targets the provided user |
| `isRoomBanMatch(ban, user, persistedUserId?)` | Returns true when a single ban entry targets the provided user |
## Layering

6
toju-app/src/app/domains/access-control/domain/access-control.logic.ts
View File

@@ -1,6 +0,0 @@
export * from './access-control.models';
export * from './access-control.constants';
export * from './role.rules';
export * from './role-assignment.rules';
export * from './permission.rules';
export * from './room.rules';

2
toju-app/src/app/domains/access-control/domain/access-control.constants.ts → toju-app/src/app/domains/access-control/domain/constants/access-control.constants.ts
View File

@@ -1,4 +1,4 @@
import type { RoomPermissionDefinition } from './access-control.models';
import type { RoomPermissionDefinition } from '../models/access-control.model';
export const SYSTEM_ROLE_IDS = {
everyone: 'system-everyone',

2
toju-app/src/app/domains/access-control/domain/access-control.models.ts → toju-app/src/app/domains/access-control/domain/models/access-control.model.ts
View File

@@ -2,7 +2,7 @@ import type {
RoomMember,
RoomPermissionKey,
User
} from '../../../shared-kernel';
} from '../../../../shared-kernel';
export interface RoomPermissionDefinition {
key: RoomPermissionKey;

2
toju-app/src/app/core/helpers/room-ban.helpers.ts → toju-app/src/app/domains/access-control/domain/rules/ban.rules.ts
View File

@@ -1,4 +1,4 @@
import { BanEntry, User } from '../models/index';
import { BanEntry, User } from '../../../../shared-kernel';
type BanAwareUser = Pick<User, 'id' | 'oderId'> | null | undefined;

8
toju-app/src/app/domains/access-control/domain/permission.rules.ts → toju-app/src/app/domains/access-control/domain/rules/permission.rules.ts
View File

@@ -4,9 +4,9 @@ import {
Room,
RoomPermissionKey,
RoomRole
} from '../../../shared-kernel';
import { SYSTEM_ROLE_IDS } from './access-control.constants';
import type { MemberIdentity } from './access-control.models';
} from '../../../../shared-kernel';
import { SYSTEM_ROLE_IDS } from '../constants/access-control.constants';
import type { MemberIdentity } from '../models/access-control.model';
import {
buildRoleLookup,
getRolePermissionState,
@@ -14,7 +14,7 @@ import {
normalizePermissionState,
roleSortAscending,
compareText
} from './access-control.internal';
} from '../util/access-control.util';
import { getAssignedRoleIds, getHighestAssignedRole } from './role-assignment.rules';
import { getRoomRoleById, normalizeRoomRoles } from './role.rules';

8
toju-app/src/app/domains/access-control/domain/role-assignment.rules.ts → toju-app/src/app/domains/access-control/domain/rules/role-assignment.rules.ts
View File

@@ -3,9 +3,9 @@ import {
RoomMember,
RoomRole,
RoomRoleAssignment
} from '../../../shared-kernel';
import { SYSTEM_ROLE_IDS } from './access-control.constants';
import type { MemberIdentity } from './access-control.models';
} from '../../../../shared-kernel';
import { SYSTEM_ROLE_IDS } from '../constants/access-control.constants';
import type { MemberIdentity } from '../models/access-control.model';
import {
buildRoleLookup,
compareText,
@@ -13,7 +13,7 @@ import {
matchesIdentity,
roleSortDescending,
uniqueStrings
} from './access-control.internal';
} from '../util/access-control.util';
import { getRoomRoleById, normalizeRoomRoles } from './role.rules';
function sortAssignments(assignments: readonly RoomRoleAssignment[]): RoomRoleAssignment[] {

6
toju-app/src/app/domains/access-control/domain/role.rules.ts → toju-app/src/app/domains/access-control/domain/rules/role.rules.ts
View File

@@ -2,8 +2,8 @@ import {
RoomPermissionMatrix,
RoomPermissions,
RoomRole
} from '../../../shared-kernel';
import { SYSTEM_ROLE_IDS } from './access-control.constants';
} from '../../../../shared-kernel';
import { SYSTEM_ROLE_IDS } from '../constants/access-control.constants';
import {
buildRoleLookup,
buildSystemRole,
@@ -12,7 +12,7 @@ import {
normalizePermissionMatrix,
roleSortAscending,
roleSortDescending
} from './access-control.internal';
} from '../util/access-control.util';
const ROLE_COLORS = {
everyone: '#6b7280',

8
toju-app/src/app/domains/access-control/domain/room.rules.ts → toju-app/src/app/domains/access-control/domain/rules/room.rules.ts
View File

@@ -7,14 +7,14 @@ import {
RoomRole,
RoomRoleAssignment,
UserRole
} from '../../../shared-kernel';
import { SYSTEM_ROLE_IDS } from './access-control.constants';
} from '../../../../shared-kernel';
import { SYSTEM_ROLE_IDS } from '../constants/access-control.constants';
import {
getRolePermissionState,
permissionStateToBoolean,
resolveLegacyAllowState
} from './access-control.internal';
import type { MemberIdentity } from './access-control.models';
} from '../util/access-control.util';
import type { MemberIdentity } from '../models/access-control.model';
import {
getAssignedRoleIds,
normalizeRoomRoleAssignments,

4
toju-app/src/app/domains/access-control/domain/access-control.internal.ts → toju-app/src/app/domains/access-control/domain/util/access-control.util.ts
View File

@@ -5,8 +5,8 @@ import {
RoomRole,
RoomRoleAssignment,
ROOM_PERMISSION_KEYS
} from '../../../shared-kernel';
import type { MemberIdentity } from './access-control.models';
} from '../../../../shared-kernel';
import type { MemberIdentity } from '../models/access-control.model';
export function normalizeName(name: string): string {
return name.trim().replace(/\s+/g, ' ');

13
toju-app/src/app/domains/access-control/index.ts
View File

@@ -1,6 +1,7 @@
export * from './domain/access-control.models';
export * from './domain/access-control.constants';
export * from './domain/role.rules';
export * from './domain/role-assignment.rules';
export * from './domain/permission.rules';
export * from './domain/room.rules';
export * from './domain/models/access-control.model';
export * from './domain/constants/access-control.constants';
export * from './domain/rules/role.rules';
export * from './domain/rules/role-assignment.rules';
export * from './domain/rules/permission.rules';
export * from './domain/rules/room.rules';
export * from './domain/rules/ban.rules';

2
toju-app/src/app/domains/server-directory/feature/server-search/server-search.component.ts
View File

@@ -40,7 +40,7 @@ import { type ServerInfo } from '../../domain/server-directory.models';
import { ServerDirectoryFacade } from '../../application/server-directory.facade';
import { selectCurrentUser } from '../../../../store/users/users.selectors';
import { ConfirmDialogComponent } from '../../../../shared';
import { hasRoomBanForUser } from '../../../../core/helpers/room-ban.helpers';
import { hasRoomBanForUser } from '../../../access-control';
@Component({
selector: 'app-server-search',

2
toju-app/src/app/features/servers/servers-rail.component.ts
View File

@@ -32,7 +32,7 @@ import { RoomsActions } from '../../store/rooms/rooms.actions';
import { DatabaseService } from '../../infrastructure/persistence';
import { NotificationsFacade } from '../../domains/notifications';
import { type ServerInfo, ServerDirectoryFacade } from '../../domains/server-directory';
import { hasRoomBanForUser } from '../../core/helpers/room-ban.helpers';
import { hasRoomBanForUser } from '../../domains/access-control';
import {
ConfirmDialogComponent,
ContextMenuComponent,

2
toju-app/src/app/store/rooms/room-state-sync.effects.ts
View File

@@ -40,7 +40,7 @@ import {
VoiceState
} from '../../shared-kernel';
import { NotificationAudioService, AppSound } from '../../core/services/notification-audio.service';
import { hasRoomBanForUser } from '../../core/helpers/room-ban.helpers';
import { hasRoomBanForUser } from '../../domains/access-control';
import { RECONNECT_SOUND_GRACE_MS } from '../../core/constants';
import { VoiceSessionFacade } from '../../domains/voice-session';
import {

2
toju-app/src/app/store/rooms/rooms.effects.ts
View File

@@ -41,7 +41,7 @@ import {
saveLastViewedChatToStorage
} from '../../infrastructure/persistence';
import { ServerDirectoryFacade } from '../../domains/server-directory';
import { hasRoomBanForUser } from '../../core/helpers/room-ban.helpers';
import { hasRoomBanForUser } from '../../domains/access-control';
import { Room } from '../../shared-kernel';
import {
removeRoomMember,