2022-11-18 23:12:37 +01:00
package logic
import (
"blackforestbytes.com/simplecloudnotifier/api/apierr"
2022-12-20 13:55:09 +01:00
"blackforestbytes.com/simplecloudnotifier/api/ginresp"
2022-11-19 23:16:54 +01:00
"blackforestbytes.com/simplecloudnotifier/models"
2023-04-21 21:45:16 +02:00
"database/sql"
2022-11-18 23:12:37 +01:00
"gogs.mikescher.com/BlackForestBytes/goext/langext"
)
2022-11-20 22:18:24 +01:00
func ( ac * AppContext ) CheckPermissionUserRead ( userid models . UserID ) * ginresp . HTTPResponse {
2022-11-18 23:12:37 +01:00
p := ac . permissions
2023-04-21 21:45:16 +02:00
if p . Token != nil && p . Token . IsUserRead ( userid ) {
2022-11-18 23:12:37 +01:00
return nil
}
2022-11-20 20:34:18 +01:00
return langext . Ptr ( ginresp . APIError ( ac . ginContext , 401 , apierr . USER_AUTH_FAILED , "You are not authorized for this action" , nil ) )
2022-11-18 23:12:37 +01:00
}
2022-11-18 23:28:37 +01:00
2023-04-21 21:45:16 +02:00
func ( ac * AppContext ) CheckPermissionSelfAllMessagesRead ( ) * ginresp . HTTPResponse {
2022-11-20 00:19:41 +01:00
p := ac . permissions
2023-04-21 21:45:16 +02:00
if p . Token != nil && p . Token . IsAllMessagesRead ( p . Token . OwnerUserID ) {
2022-11-20 00:19:41 +01:00
return nil
}
2022-11-20 20:34:18 +01:00
return langext . Ptr ( ginresp . APIError ( ac . ginContext , 401 , apierr . USER_AUTH_FAILED , "You are not authorized for this action" , nil ) )
2022-11-20 00:19:41 +01:00
}
2023-04-21 21:45:16 +02:00
func ( ac * AppContext ) CheckPermissionAllMessagesRead ( userid models . UserID ) * ginresp . HTTPResponse {
2022-11-18 23:28:37 +01:00
p := ac . permissions
2023-04-21 21:45:16 +02:00
if p . Token != nil && p . Token . IsAllMessagesRead ( userid ) {
2022-11-18 23:28:37 +01:00
return nil
}
2022-11-20 20:34:18 +01:00
return langext . Ptr ( ginresp . APIError ( ac . ginContext , 401 , apierr . USER_AUTH_FAILED , "You are not authorized for this action" , nil ) )
}
2023-04-21 21:45:16 +02:00
func ( ac * AppContext ) CheckPermissionChanMessagesRead ( channel models . Channel ) * ginresp . HTTPResponse {
2022-11-20 20:34:18 +01:00
p := ac . permissions
2023-04-21 21:45:16 +02:00
if p . Token != nil && p . Token . IsChannelMessagesRead ( channel . ChannelID ) {
if channel . OwnerUserID == p . Token . OwnerUserID {
return nil // owned channel
} else {
sub , err := ac . app . Database . Primary . GetSubscriptionBySubscriber ( ac , p . Token . OwnerUserID , channel . ChannelID )
if err == sql . ErrNoRows {
return langext . Ptr ( ginresp . APIError ( ac . ginContext , 401 , apierr . USER_AUTH_FAILED , "You are not authorized for this action" , nil ) )
}
if err != nil {
return langext . Ptr ( ginresp . APIError ( ac . ginContext , 500 , apierr . DATABASE_ERROR , "Failed to query subscription" , err ) )
}
2023-05-28 03:38:33 +02:00
if sub == nil {
return langext . Ptr ( ginresp . APIError ( ac . ginContext , 401 , apierr . USER_AUTH_FAILED , "You are not authorized for this action (no subscription)" , nil ) )
}
2023-04-21 21:45:16 +02:00
if ! sub . Confirmed {
2023-05-28 03:38:33 +02:00
return langext . Ptr ( ginresp . APIError ( ac . ginContext , 401 , apierr . USER_AUTH_FAILED , "You are not authorized for this action (subscription not confirmed)" , nil ) )
2023-04-21 21:45:16 +02:00
}
2023-05-28 02:50:55 +02:00
return nil // subscribed channel
2023-04-21 21:45:16 +02:00
}
2022-11-20 20:34:18 +01:00
}
2023-04-21 21:45:16 +02:00
return langext . Ptr ( ginresp . APIError ( ac . ginContext , 401 , apierr . USER_AUTH_FAILED , "You are not authorized for this action" , nil ) )
}
func ( ac * AppContext ) CheckPermissionUserAdmin ( userid models . UserID ) * ginresp . HTTPResponse {
p := ac . permissions
if p . Token != nil && p . Token . IsAdmin ( userid ) {
2022-11-20 20:34:18 +01:00
return nil
}
return langext . Ptr ( ginresp . APIError ( ac . ginContext , 401 , apierr . USER_AUTH_FAILED , "You are not authorized for this action" , nil ) )
2022-11-18 23:28:37 +01:00
}
2022-11-19 23:16:54 +01:00
2023-04-21 21:45:16 +02:00
func ( ac * AppContext ) CheckPermissionSend ( channel models . Channel , key string ) ( * models . KeyToken , * ginresp . HTTPResponse ) {
keytok , err := ac . app . Database . Primary . GetKeyTokenByToken ( ac , key )
if err != nil {
return nil , langext . Ptr ( ginresp . APIError ( ac . ginContext , 500 , apierr . DATABASE_ERROR , "Failed to query token" , err ) )
}
if keytok == nil {
return nil , langext . Ptr ( ginresp . APIError ( ac . ginContext , 401 , apierr . USER_AUTH_FAILED , "You are not authorized for this action" , nil ) )
2022-11-19 23:16:54 +01:00
}
2023-04-21 21:45:16 +02:00
if keytok . IsChannelMessagesSend ( channel ) {
return keytok , nil
}
return nil , langext . Ptr ( ginresp . APIError ( ac . ginContext , 401 , apierr . USER_AUTH_FAILED , "You are not authorized for this action" , nil ) )
2022-11-19 23:16:54 +01:00
}
2023-04-21 21:45:16 +02:00
func ( ac * AppContext ) CheckPermissionMessageRead ( msg models . Message ) bool {
2022-11-19 23:16:54 +01:00
p := ac . permissions
2023-04-21 21:45:16 +02:00
if p . Token != nil && p . Token . IsChannelMessagesRead ( msg . ChannelID ) {
2022-11-19 23:16:54 +01:00
return true
}
return false
}
2023-04-21 21:45:16 +02:00
func ( ac * AppContext ) CheckPermissionAny ( ) * ginresp . HTTPResponse {
p := ac . permissions
if p . Token == nil {
return langext . Ptr ( ginresp . APIError ( ac . ginContext , 401 , apierr . USER_AUTH_FAILED , "You are not authorized for this action" , nil ) )
2022-11-19 23:16:54 +01:00
}
2023-04-21 21:45:16 +02:00
return nil
2022-11-19 23:16:54 +01:00
}
2023-04-21 21:45:16 +02:00
func ( ac * AppContext ) GetPermissionUserID ( ) * models . UserID {
if ac . permissions . Token == nil {
return nil
} else {
return langext . Ptr ( ac . permissions . Token . OwnerUserID )
}
2022-11-19 23:16:54 +01:00
}
2023-04-21 21:45:16 +02:00
func ( ac * AppContext ) GetPermissionKeyTokenID ( ) * models . KeyTokenID {
if ac . permissions . Token == nil {
return nil
} else {
return langext . Ptr ( ac . permissions . Token . KeyTokenID )
}
2022-11-19 23:16:54 +01:00
}