SimpleCloudNotifier/scnserver/logic/permissions.go

135 lines
4.5 KiB
Go
Raw Normal View History

2022-11-18 23:12:37 +01:00
package logic
import (
"blackforestbytes.com/simplecloudnotifier/api/apierr"
2022-12-20 13:55:09 +01:00
"blackforestbytes.com/simplecloudnotifier/api/ginresp"
"blackforestbytes.com/simplecloudnotifier/models"
2023-04-21 21:45:16 +02:00
"database/sql"
"errors"
"gogs.mikescher.com/BlackForestBytes/goext/ginext"
2022-11-18 23:12:37 +01:00
"gogs.mikescher.com/BlackForestBytes/goext/langext"
)
func (ac *AppContext) CheckPermissionUserRead(userid models.UserID) *ginext.HTTPResponse {
2022-11-18 23:12:37 +01:00
p := ac.permissions
2023-04-21 21:45:16 +02:00
if p.Token != nil && p.Token.IsUserRead(userid) {
2022-11-18 23:12:37 +01:00
return nil
}
2022-11-20 20:34:18 +01:00
return langext.Ptr(ginresp.APIError(ac.ginContext, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil))
2022-11-18 23:12:37 +01:00
}
2022-11-18 23:28:37 +01:00
func (ac *AppContext) CheckPermissionSelfAllMessagesRead() *ginext.HTTPResponse {
2022-11-20 00:19:41 +01:00
p := ac.permissions
2023-04-21 21:45:16 +02:00
if p.Token != nil && p.Token.IsAllMessagesRead(p.Token.OwnerUserID) {
2022-11-20 00:19:41 +01:00
return nil
}
2022-11-20 20:34:18 +01:00
return langext.Ptr(ginresp.APIError(ac.ginContext, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil))
2022-11-20 00:19:41 +01:00
}
func (ac *AppContext) CheckPermissionAllMessagesRead(userid models.UserID) *ginext.HTTPResponse {
2022-11-18 23:28:37 +01:00
p := ac.permissions
2023-04-21 21:45:16 +02:00
if p.Token != nil && p.Token.IsAllMessagesRead(userid) {
2022-11-18 23:28:37 +01:00
return nil
}
2022-11-20 20:34:18 +01:00
return langext.Ptr(ginresp.APIError(ac.ginContext, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil))
}
func (ac *AppContext) CheckPermissionChanMessagesRead(channel models.Channel) *ginext.HTTPResponse {
2022-11-20 20:34:18 +01:00
p := ac.permissions
2023-04-21 21:45:16 +02:00
if p.Token != nil && p.Token.IsChannelMessagesRead(channel.ChannelID) {
if channel.OwnerUserID == p.Token.OwnerUserID {
return nil // owned channel
} else {
sub, err := ac.app.Database.Primary.GetSubscriptionBySubscriber(ac, p.Token.OwnerUserID, channel.ChannelID)
if errors.Is(err, sql.ErrNoRows) {
2023-04-21 21:45:16 +02:00
return langext.Ptr(ginresp.APIError(ac.ginContext, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil))
}
if err != nil {
return langext.Ptr(ginresp.APIError(ac.ginContext, 500, apierr.DATABASE_ERROR, "Failed to query subscription", err))
}
if sub == nil {
return langext.Ptr(ginresp.APIError(ac.ginContext, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action (no subscription)", nil))
}
2023-04-21 21:45:16 +02:00
if !sub.Confirmed {
return langext.Ptr(ginresp.APIError(ac.ginContext, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action (subscription not confirmed)", nil))
2023-04-21 21:45:16 +02:00
}
2023-05-28 02:50:55 +02:00
return nil // subscribed channel
2023-04-21 21:45:16 +02:00
}
2022-11-20 20:34:18 +01:00
}
2023-04-21 21:45:16 +02:00
return langext.Ptr(ginresp.APIError(ac.ginContext, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil))
}
func (ac *AppContext) CheckPermissionUserAdmin(userid models.UserID) *ginext.HTTPResponse {
2023-04-21 21:45:16 +02:00
p := ac.permissions
if p.Token != nil && p.Token.IsAdmin(userid) {
2022-11-20 20:34:18 +01:00
return nil
}
return langext.Ptr(ginresp.APIError(ac.ginContext, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil))
2022-11-18 23:28:37 +01:00
}
func (ac *AppContext) CheckPermissionSend(channel models.Channel, key string) (*models.KeyToken, *ginext.HTTPResponse) {
2023-04-21 21:45:16 +02:00
keytok, err := ac.app.Database.Primary.GetKeyTokenByToken(ac, key)
if err != nil {
return nil, langext.Ptr(ginresp.APIError(ac.ginContext, 500, apierr.DATABASE_ERROR, "Failed to query token", err))
}
if keytok == nil {
return nil, langext.Ptr(ginresp.APIError(ac.ginContext, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil))
}
2023-04-21 21:45:16 +02:00
if keytok.IsChannelMessagesSend(channel) {
return keytok, nil
}
return nil, langext.Ptr(ginresp.APIError(ac.ginContext, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil))
}
2023-04-21 21:45:16 +02:00
func (ac *AppContext) CheckPermissionMessageRead(msg models.Message) bool {
p := ac.permissions
2023-04-21 21:45:16 +02:00
if p.Token != nil && p.Token.IsChannelMessagesRead(msg.ChannelID) {
return true
}
return false
}
func (ac *AppContext) CheckPermissionMessageDelete(msg models.Message) bool {
p := ac.permissions
if p.Token != nil && p.Token.IsAdmin(msg.SenderUserID) {
return true
}
return false
}
func (ac *AppContext) CheckPermissionAny() *ginext.HTTPResponse {
2023-04-21 21:45:16 +02:00
p := ac.permissions
if p.Token == nil {
return langext.Ptr(ginresp.APIError(ac.ginContext, 401, apierr.USER_AUTH_FAILED, "You are not authorized for this action", nil))
}
2023-04-21 21:45:16 +02:00
return nil
}
2023-04-21 21:45:16 +02:00
func (ac *AppContext) GetPermissionUserID() *models.UserID {
if ac.permissions.Token == nil {
return nil
} else {
return langext.Ptr(ac.permissions.Token.OwnerUserID)
}
}
2023-04-21 21:45:16 +02:00
func (ac *AppContext) GetPermissionKeyTokenID() *models.KeyTokenID {
if ac.permissions.Token == nil {
return nil
} else {
return langext.Ptr(ac.permissions.Token.KeyTokenID)
}
}