Skip to content

Commit 14e1661

Browse files
fullenifulleni
committed
feat(api): register app_review model in the data API
 Adds a `ModelConfig` for the new `AppReview` model to the central model registry. This configuration defines it as a user-owned resource, mapping the `create`, `read`, and `update` actions to their corresponding `app_review.*_owned` permissions and enabling ownership checks. This makes the `AppReview` model accessible via the generic `/data` endpoint.
1 parent 787d3a9 commit 14e1661

File tree

2 files changed

+84
-2
lines changed

2 files changed

+84
-2
lines changed

lib/src/rbac/role_permissions.dart

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -38,8 +38,6 @@ final Set<String> _appGuestUserPermissions = {
3838
Permissions.engagementDeleteOwned,
3939
Permissions.reportCreateOwned,
4040
Permissions.reportReadOwned,
41-
42-
// App Review Permissions
4341
Permissions.appReviewCreateOwned,
4442
Permissions.appReviewReadOwned,
4543
Permissions.appReviewUpdateOwned,

lib/src/registry/model_registry.dart

Lines changed: 84 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -500,6 +500,90 @@ final modelRegistry = <String, ModelConfig<dynamic>>{
500500
requiresOwnershipCheck: true,
501501
),
502502
),
503+
'engagement': ModelConfig<Engagement>(
504+
fromJson: Engagement.fromJson,
505+
getId: (e) => e.id,
506+
getOwnerId: (dynamic item) => (item as Engagement).userId,
507+
getCollectionPermission: const ModelActionPermission(
508+
type: RequiredPermissionType.specificPermission,
509+
permission: Permissions.engagementReadOwned,
510+
requiresOwnershipCheck: true,
511+
),
512+
getItemPermission: const ModelActionPermission(
513+
type: RequiredPermissionType.specificPermission,
514+
permission: Permissions.engagementReadOwned,
515+
requiresOwnershipCheck: true,
516+
),
517+
postPermission: const ModelActionPermission(
518+
type: RequiredPermissionType.specificPermission,
519+
permission: Permissions.engagementCreateOwned,
520+
),
521+
putPermission: const ModelActionPermission(
522+
type: RequiredPermissionType.specificPermission,
523+
permission: Permissions.engagementUpdateOwned,
524+
requiresOwnershipCheck: true,
525+
),
526+
deletePermission: const ModelActionPermission(
527+
type: RequiredPermissionType.specificPermission,
528+
permission: Permissions.engagementDeleteOwned,
529+
requiresOwnershipCheck: true,
530+
),
531+
),
532+
'report': ModelConfig<Report>(
533+
fromJson: Report.fromJson,
534+
getId: (r) => r.id,
535+
getOwnerId: (dynamic item) => (item as Report).reporterUserId,
536+
getCollectionPermission: const ModelActionPermission(
537+
type: RequiredPermissionType.specificPermission,
538+
permission: Permissions.reportReadOwned,
539+
requiresOwnershipCheck: true,
540+
),
541+
getItemPermission: const ModelActionPermission(
542+
type: RequiredPermissionType.unsupported,
543+
),
544+
postPermission: const ModelActionPermission(
545+
type: RequiredPermissionType.specificPermission,
546+
permission: Permissions.reportCreateOwned,
547+
),
548+
putPermission: const ModelActionPermission(
549+
type: RequiredPermissionType.unsupported,
550+
),
551+
deletePermission: const ModelActionPermission(
552+
type: RequiredPermissionType.unsupported,
553+
),
554+
),
555+
'app_review': ModelConfig<AppReview>(
556+
fromJson: AppReview.fromJson,
557+
getId: (r) => r.id,
558+
getOwnerId: (dynamic item) => (item as AppReview).userId,
559+
// Collection GET is allowed for a user to fetch their own review record.
560+
getCollectionPermission: const ModelActionPermission(
561+
type: RequiredPermissionType.specificPermission,
562+
permission: Permissions.appReviewReadOwned,
563+
requiresOwnershipCheck: true,
564+
),
565+
// Item GET is allowed for a user to fetch their own review record.
566+
getItemPermission: const ModelActionPermission(
567+
type: RequiredPermissionType.specificPermission,
568+
permission: Permissions.appReviewReadOwned,
569+
requiresOwnershipCheck: true,
570+
),
571+
// POST is allowed for a user to create their initial review record.
572+
postPermission: const ModelActionPermission(
573+
type: RequiredPermissionType.specificPermission,
574+
permission: Permissions.appReviewCreateOwned,
575+
),
576+
// PUT is allowed for a user to update their review record (e.g., add
577+
// negative feedback history).
578+
putPermission: const ModelActionPermission(
579+
type: RequiredPermissionType.specificPermission,
580+
permission: Permissions.appReviewUpdateOwned,
581+
requiresOwnershipCheck: true,
582+
),
583+
deletePermission: const ModelActionPermission(
584+
type: RequiredPermissionType.unsupported,
585+
),
586+
),
503587
};
504588

505589
/// Type alias for the ModelRegistry map for easier provider usage.

0 commit comments

Comments
 (0)