SimpleCloudNotifier/server/logic/permissions.go

package logic

import (
	"blackforestbytes.com/simplecloudnotifier/api/apierr"
	"blackforestbytes.com/simplecloudnotifier/common/ginresp"
	"blackforestbytes.com/simplecloudnotifier/models"
	"gogs.mikescher.com/BlackForestBytes/goext/langext"
)

type PermKeyType string

const (
	PermKeyTypeNone      PermKeyType = "NONE"       // (nothing)
	PermKeyTypeUserSend  PermKeyType = "USER_SEND"  // send-messages
	PermKeyTypeUserRead  PermKeyType = "USER_READ"  // send-messages, list-messages, read-user
	PermKeyTypeUserAdmin PermKeyType = "USER_ADMIN" // send-messages, list-messages, read-user, delete-messages, update-user
)

type PermissionSet struct {
	UserID  *models.UserID
	KeyType PermKeyType
}

func NewEmptyPermissions() PermissionSet {
	return PermissionSet{
		UserID:  nil,
		KeyType: PermKeyTypeNone,
	}
}

func (ac *AppContext) CheckPermissionUserRead(userid models.UserID) *ginresp.HTTPResponse {
	p := ac.permissions
	if p.UserID != nil && *p.UserID == userid && p.KeyType == PermKeyTypeUserRead {
		return nil
	}
	if p.UserID != nil && *p.UserID == userid && p.KeyType == PermKeyTypeUserAdmin {
		return nil
	}

	return langext.Ptr(ginresp.APIError(ac.ginContext, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil))
}

func (ac *AppContext) CheckPermissionRead() *ginresp.HTTPResponse {
	p := ac.permissions
	if p.UserID != nil && p.KeyType == PermKeyTypeUserRead {
		return nil
	}
	if p.UserID != nil && p.KeyType == PermKeyTypeUserAdmin {
		return nil
	}

	return langext.Ptr(ginresp.APIError(ac.ginContext, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil))
}

func (ac *AppContext) CheckPermissionUserAdmin(userid models.UserID) *ginresp.HTTPResponse {
	p := ac.permissions
	if p.UserID != nil && *p.UserID == userid && p.KeyType == PermKeyTypeUserAdmin {
		return nil
	}

	return langext.Ptr(ginresp.APIError(ac.ginContext, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil))
}

func (ac *AppContext) CheckPermissionSend() *ginresp.HTTPResponse {
	p := ac.permissions
	if p.UserID != nil && p.KeyType == PermKeyTypeUserSend {
		return nil
	}
	if p.UserID != nil && p.KeyType == PermKeyTypeUserAdmin {
		return nil
	}

	return langext.Ptr(ginresp.APIError(ac.ginContext, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil))
}

func (ac *AppContext) CheckPermissionAny() *ginresp.HTTPResponse {
	p := ac.permissions
	if p.KeyType == PermKeyTypeNone {
		return langext.Ptr(ginresp.APIError(ac.ginContext, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil))
	}

	return nil
}

func (ac *AppContext) CheckPermissionMessageReadDirect(msg models.Message) bool {
	p := ac.permissions
	if p.UserID != nil && msg.OwnerUserID == *p.UserID && p.KeyType == PermKeyTypeUserRead {
		return true
	}
	if p.UserID != nil && msg.OwnerUserID == *p.UserID && p.KeyType == PermKeyTypeUserAdmin {
		return true
	}

	return false
}

func (ac *AppContext) GetPermissionUserID() *models.UserID {
	if ac.permissions.UserID == nil {
		return nil
	} else {
		return langext.Ptr(*ac.permissions.UserID)
	}
}

func (ac *AppContext) IsPermissionUserRead() bool {
	p := ac.permissions
	return p.KeyType == PermKeyTypeUserRead || p.KeyType == PermKeyTypeUserAdmin
}

func (ac *AppContext) IsPermissionUserSend() bool {
	p := ac.permissions
	return p.KeyType == PermKeyTypeUserSend || p.KeyType == PermKeyTypeUserAdmin
}

func (ac *AppContext) IsPermissionUserAdmin() bool {
	p := ac.permissions
	return p.KeyType == PermKeyTypeUserAdmin
}
GetUser() works 2022-11-18 23:12:37 +01:00			`package logic`

			`import (`
			`"blackforestbytes.com/simplecloudnotifier/api/apierr"`
			`"blackforestbytes.com/simplecloudnotifier/common/ginresp"`
CreateSubscription(), UpdateSubscription(), GetMessage(), DeleteMessage() 2022-11-19 23:16:54 +01:00			`"blackforestbytes.com/simplecloudnotifier/models"`
GetUser() works 2022-11-18 23:12:37 +01:00			`"gogs.mikescher.com/BlackForestBytes/goext/langext"`
			`)`

			`type PermKeyType string`

			`const (`
CreateSubscription(), UpdateSubscription(), GetMessage(), DeleteMessage() 2022-11-19 23:16:54 +01:00			`PermKeyTypeNone PermKeyType = "NONE" // (nothing)`
			`PermKeyTypeUserSend PermKeyType = "USER_SEND" // send-messages`
			`PermKeyTypeUserRead PermKeyType = "USER_READ" // send-messages, list-messages, read-user`
			`PermKeyTypeUserAdmin PermKeyType = "USER_ADMIN" // send-messages, list-messages, read-user, delete-messages, update-user`
GetUser() works 2022-11-18 23:12:37 +01:00			`)`

			`type PermissionSet struct {`
Use ID types 2022-11-20 22:18:24 +01:00			`UserID *models.UserID`
CreateSubscription(), UpdateSubscription(), GetMessage(), DeleteMessage() 2022-11-19 23:16:54 +01:00			`KeyType PermKeyType`
GetUser() works 2022-11-18 23:12:37 +01:00			`}`

			`func NewEmptyPermissions() PermissionSet {`
			`return PermissionSet{`
CreateSubscription(), UpdateSubscription(), GetMessage(), DeleteMessage() 2022-11-19 23:16:54 +01:00			`UserID: nil,`
			`KeyType: PermKeyTypeNone,`
GetUser() works 2022-11-18 23:12:37 +01:00			`}`
			`}`

Use ID types 2022-11-20 22:18:24 +01:00			`func (ac AppContext) CheckPermissionUserRead(userid models.UserID) ginresp.HTTPResponse {`
GetUser() works 2022-11-18 23:12:37 +01:00			`p := ac.permissions`
CreateSubscription(), UpdateSubscription(), GetMessage(), DeleteMessage() 2022-11-19 23:16:54 +01:00			`if p.UserID != nil && *p.UserID == userid && p.KeyType == PermKeyTypeUserRead {`
GetUser() works 2022-11-18 23:12:37 +01:00			`return nil`
			`}`
CreateSubscription(), UpdateSubscription(), GetMessage(), DeleteMessage() 2022-11-19 23:16:54 +01:00			`if p.UserID != nil && *p.UserID == userid && p.KeyType == PermKeyTypeUserAdmin {`
GetUser() works 2022-11-18 23:12:37 +01:00			`return nil`
			`}`

CreateMessage() 2022-11-20 20:34:18 +01:00			`return langext.Ptr(ginresp.APIError(ac.ginContext, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil))`
GetUser() works 2022-11-18 23:12:37 +01:00			`}`
UpdateUser() works 2022-11-18 23:28:37 +01:00
ListMessages() 2022-11-20 00:19:41 +01:00			`func (ac AppContext) CheckPermissionRead() ginresp.HTTPResponse {`
			`p := ac.permissions`
			`if p.UserID != nil && p.KeyType == PermKeyTypeUserRead {`
			`return nil`
			`}`
			`if p.UserID != nil && p.KeyType == PermKeyTypeUserAdmin {`
			`return nil`
			`}`

CreateMessage() 2022-11-20 20:34:18 +01:00			`return langext.Ptr(ginresp.APIError(ac.ginContext, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil))`
ListMessages() 2022-11-20 00:19:41 +01:00			`}`

Use ID types 2022-11-20 22:18:24 +01:00			`func (ac AppContext) CheckPermissionUserAdmin(userid models.UserID) ginresp.HTTPResponse {`
UpdateUser() works 2022-11-18 23:28:37 +01:00			`p := ac.permissions`
CreateSubscription(), UpdateSubscription(), GetMessage(), DeleteMessage() 2022-11-19 23:16:54 +01:00			`if p.UserID != nil && *p.UserID == userid && p.KeyType == PermKeyTypeUserAdmin {`
UpdateUser() works 2022-11-18 23:28:37 +01:00			`return nil`
			`}`

CreateMessage() 2022-11-20 20:34:18 +01:00			`return langext.Ptr(ginresp.APIError(ac.ginContext, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil))`
			`}`

			`func (ac AppContext) CheckPermissionSend() ginresp.HTTPResponse {`
			`p := ac.permissions`
			`if p.UserID != nil && p.KeyType == PermKeyTypeUserSend {`
			`return nil`
			`}`
			`if p.UserID != nil && p.KeyType == PermKeyTypeUserAdmin {`
			`return nil`
			`}`

			`return langext.Ptr(ginresp.APIError(ac.ginContext, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil))`
UpdateUser() works 2022-11-18 23:28:37 +01:00			`}`
CreateSubscription(), UpdateSubscription(), GetMessage(), DeleteMessage() 2022-11-19 23:16:54 +01:00
			`func (ac AppContext) CheckPermissionAny() ginresp.HTTPResponse {`
			`p := ac.permissions`
			`if p.KeyType == PermKeyTypeNone {`
CreateMessage() 2022-11-20 20:34:18 +01:00			`return langext.Ptr(ginresp.APIError(ac.ginContext, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil))`
CreateSubscription(), UpdateSubscription(), GetMessage(), DeleteMessage() 2022-11-19 23:16:54 +01:00			`}`

			`return nil`
			`}`

			`func (ac *AppContext) CheckPermissionMessageReadDirect(msg models.Message) bool {`
			`p := ac.permissions`
			`if p.UserID != nil && msg.OwnerUserID == *p.UserID && p.KeyType == PermKeyTypeUserRead {`
			`return true`
			`}`
			`if p.UserID != nil && msg.OwnerUserID == *p.UserID && p.KeyType == PermKeyTypeUserAdmin {`
			`return true`
			`}`

			`return false`
			`}`

Use ID types 2022-11-20 22:18:24 +01:00			`func (ac AppContext) GetPermissionUserID() models.UserID {`
CreateSubscription(), UpdateSubscription(), GetMessage(), DeleteMessage() 2022-11-19 23:16:54 +01:00			`if ac.permissions.UserID == nil {`
			`return nil`
			`} else {`
			`return langext.Ptr(*ac.permissions.UserID)`
			`}`
			`}`

			`func (ac *AppContext) IsPermissionUserRead() bool {`
			`p := ac.permissions`
			`return p.KeyType == PermKeyTypeUserRead \|\| p.KeyType == PermKeyTypeUserAdmin`
			`}`

			`func (ac *AppContext) IsPermissionUserSend() bool {`
			`p := ac.permissions`
			`return p.KeyType == PermKeyTypeUserSend \|\| p.KeyType == PermKeyTypeUserAdmin`
			`}`

			`func (ac *AppContext) IsPermissionUserAdmin() bool {`
			`p := ac.permissions`
			`return p.KeyType == PermKeyTypeUserAdmin`
			`}`