diff --git a/.idea/workspace.xml b/.idea/workspace.xml
index 82c913b..b53f1dd 100644
--- a/.idea/workspace.xml
+++ b/.idea/workspace.xml
@@ -4,10 +4,7 @@
-
-
-
-
+
@@ -41,32 +38,32 @@
- {
- "keyToString": {
- "DefaultGoTemplateProperty": "Go File",
- "Go 构建.Backend.executor": "Run",
- "RunOnceActivity.ShowReadmeOnStart": "true",
- "RunOnceActivity.go.formatter.settings.were.checked": "true",
- "RunOnceActivity.go.migrated.go.modules.settings": "true",
- "RunOnceActivity.go.modules.automatic.dependencies.download": "true",
- "RunOnceActivity.go.modules.go.list.on.any.changes.was.set": "true",
- "git-widget-placeholder": "master",
- "go.import.settings.migrated": "true",
- "go.sdk.automatically.set": "true",
- "last_opened_file_path": "/Users/littlesheep/Documents/Projects/Hydrogen/Passport/pkg/server/ui",
- "node.js.detected.package.eslint": "true",
- "node.js.selected.package.eslint": "(autodetect)",
- "nodejs_package_manager_path": "npm",
- "run.code.analysis.last.selected.profile": "pProject Default",
- "settings.editor.selected.configurable": "preferences.lookFeel",
- "vue.rearranger.settings.migration": "true"
+
+}]]>
@@ -139,7 +136,6 @@
-
@@ -164,7 +160,8 @@
-
+
+
true
diff --git a/pkg/server/realms_api.go b/pkg/server/realms_api.go
index a14a1ca..8944d02 100644
--- a/pkg/server/realms_api.go
+++ b/pkg/server/realms_api.go
@@ -46,8 +46,8 @@ func listAvailableRealm(c *fiber.Ctx) error {
func createRealm(c *fiber.Ctx) error {
user := c.Locals("principal").(models.Account)
- if user.PowerLevel < 10 {
- return fiber.NewError(fiber.StatusForbidden, "require power level 10 to create realms")
+ if err := utils.CheckPermissions(c, "CreateRealms", true); err != nil {
+ return err
}
var data struct {
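Review bot: The key `"CreateRealms"` on the added `utils.CheckPermissions` line is matched by an exact, case-sensitive map lookup (`perms[requiredKey]` in pkg/services/perms.go), while ConfirmAccount in pkg/services/accounts.go fills `PermNodes` from `viper.GetStringMap`, and viper normalises config keys to lowercase. If the `permissions` local is derived from those nodes (not visible in this diff), the lookup would never match and realm creation would be denied for every account; that fails closed, but silently. Consider a shared lowercase constant for the node name, or normalising inside HasPermNode with `heldValue, ok := perms[strings.ToLower(requiredKey)]`. createRealm's body continues outside the hunk.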
diff --git a/pkg/services/accounts.go b/pkg/services/accounts.go
index 7739a8a..d734edc 100644
--- a/pkg/services/accounts.go
+++ b/pkg/services/accounts.go
@@ -104,7 +104,7 @@ func ConfirmAccount(code string) error {
for k, v := range viper.GetStringMap("permissions.verified") {
if val, ok := user.PermNodes[k]; !ok {
user.PermNodes[k] = v
- } else if !HasPermNode(val, v) {
+ } else if !ComparePermNode(val, v) {
user.PermNodes[k] = v
}
}
diff --git a/pkg/services/perms.go b/pkg/services/perms.go
index 9a6914d..438a6e1 100644
--- a/pkg/services/perms.go
+++ b/pkg/services/perms.go
@@ -6,7 +6,14 @@ import (
"strings"
)
-func HasPermNode(held any, required any) bool {
+func HasPermNode(perms map[string]any, requiredKey string, requiredValue any) bool {
+ if heldValue, ok := perms[requiredKey]; ok {
+ return ComparePermNode(heldValue, requiredValue)
+ }
+ return false
+}
+
+func ComparePermNode(held any, required any) bool {
heldValue := reflect.ValueOf(held)
requiredValue := reflect.ValueOf(required)
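Review bot: The exported `HasPermNode` and `ComparePermNode` carry no doc comments, and the deny-on-missing-key behaviour of the new `HasPermNode` is an authorization contract that callers should be able to read. Suggest `// HasPermNode reports whether perms holds requiredKey with a value that satisfies requiredValue; a missing key or a nil map is treated as denied.` and, on the renamed function, `// ComparePermNode reports whether held satisfies required.` followed by the comparison rules per value kind. ComparePermNode's body continues outside the hunk, so those rules need to be taken from the full function.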
diff --git a/pkg/utils/request.go b/pkg/utils/request.go
index 4a15493..e82d7bc 100644
--- a/pkg/utils/request.go
+++ b/pkg/utils/request.go
@@ -1,6 +1,8 @@
package utils
import (
+ "fmt"
+ "git.solsynth.dev/hydrogen/passport/pkg/services"
"github.com/go-playground/validator/v10"
"github.com/gofiber/fiber/v2"
"github.com/samber/lo"
@@ -19,6 +21,17 @@ func BindAndValidate(c *fiber.Ctx, out any) error {
return nil
}
+func GetPermissions(c *fiber.Ctx) map[string]any {
+ return c.Locals("permissions").(map[string]any)
+}
+
+func CheckPermissions(c *fiber.Ctx, key string, val any) error {
+ if !services.HasPermNode(GetPermissions(c), key, val) {
+ return fiber.NewError(fiber.StatusForbidden, fmt.Sprintf("requires permission: %s = %v", key, val))
+ }
+ return nil
+}
+
func GetRedirectUri(c *fiber.Ctx, fallback ...string) *string {
if len(c.Query("redirect_uri")) > 0 {
return lo.ToPtr(c.Query("redirect_uri"))
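Review bot: `GetPermissions` uses an unchecked type assertion, so a request on which no middleware has set the `permissions` local (or has set a different type) panics instead of being rejected; unless a recover handler is installed, that is a crash reachable from a request. Use the comma-ok form, `perms, _ := c.Locals("permissions").(map[string]any)` followed by `return perms`: a nil map makes `HasPermNode` return false, so `CheckPermissions` answers 403 and the check fails closed. The 403 message also echoes the required node name and value to the client; if node names are considered internal, log them server-side and return a generic message. GetRedirectUri's body continues outside the hunk.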