✨ Permission check

2024-05-17 19:24:14 +08:00
parent 7d3b804516
commit 4e4fbb8ba9
5 changed files with 50 additions and 33 deletions
--- a/pkg/server/realms_api.go
+++ b/pkg/server/realms_api.go
@ -46,8 +46,8 @@ func listAvailableRealm(c *fiber.Ctx) error {

 func createRealm(c *fiber.Ctx) error {
 	user := c.Locals("principal").(models.Account)
-	if user.PowerLevel < 10 {
-		return fiber.NewError(fiber.StatusForbidden, "require power level 10 to create realms")
+	if err := utils.CheckPermissions(c, "CreateRealms", true); err != nil {
+		return err
 	}

 	var data struct {
--- a/pkg/services/accounts.go
+++ b/pkg/services/accounts.go
@ -104,7 +104,7 @@ func ConfirmAccount(code string) error {
 		for k, v := range viper.GetStringMap("permissions.verified") {
 			if val, ok := user.PermNodes[k]; !ok {
 				user.PermNodes[k] = v
-			} else if !HasPermNode(val, v) {
+			} else if !ComparePermNode(val, v) {
 				user.PermNodes[k] = v
 			}
 		}
--- a/pkg/services/perms.go
+++ b/pkg/services/perms.go
@ -6,7 +6,14 @@ import (
 	"strings"
 )

-func HasPermNode(held any, required any) bool {
+func HasPermNode(perms map[string]any, requiredKey string, requiredValue any) bool {
+	if heldValue, ok := perms[requiredKey]; ok {
+		return ComparePermNode(heldValue, requiredValue)
+	}
+	return false
+}
+
+func ComparePermNode(held any, required any) bool {
 	heldValue := reflect.ValueOf(held)
 	requiredValue := reflect.ValueOf(required)

--- a/pkg/utils/request.go
+++ b/pkg/utils/request.go
@ -1,6 +1,8 @@
 package utils

 import (
+	"fmt"
+	"git.solsynth.dev/hydrogen/passport/pkg/services"
 	"github.com/go-playground/validator/v10"
 	"github.com/gofiber/fiber/v2"
 	"github.com/samber/lo"
@ -19,6 +21,17 @@ func BindAndValidate(c *fiber.Ctx, out any) error {
 	return nil
 }

+func GetPermissions(c *fiber.Ctx) map[string]any {
+	return c.Locals("permissions").(map[string]any)
+}
+
+func CheckPermissions(c *fiber.Ctx, key string, val any) error {
+	if !services.HasPermNode(GetPermissions(c), key, val) {
+		return fiber.NewError(fiber.StatusForbidden, fmt.Sprintf("requires permission: %s = %v", key, val))
+	}
+	return nil
+}
+
 func GetRedirectUri(c *fiber.Ctx, fallback ...string) *string {
 	if len(c.Query("redirect_uri")) > 0 {
 		return lo.ToPtr(c.Query("redirect_uri"))