From 4e4fbb8ba9da377cdb1f866b5ab5933b7da142e1 Mon Sep 17 00:00:00 2001
From: LittleSheep
Date: Fri, 17 May 2024 19:24:14 +0800
Subject: [PATCH] :sparkles: Permission check
---
 .idea/workspace.xml | 55 +++++++++++++++++++---------------------
 pkg/server/realms_api.go | 4 +--
 pkg/services/accounts.go | 2 +-
 pkg/services/perms.go | 9 ++++++-
 pkg/utils/request.go | 13 ++++++++++
 5 files changed, 50 insertions(+), 33 deletions(-)
diff --git a/.idea/workspace.xml b/.idea/workspace.xml
index 82c913b..b53f1dd 100644
--- a/.idea/workspace.xml
+++ b/.idea/workspace.xml
@@ -4,10 +4,7 @@ -
@@ -164,7 +160,8 @@ - true
diff --git a/pkg/server/realms_api.go b/pkg/server/realms_api.go
index a14a1ca..8944d02 100644
--- a/pkg/server/realms_api.go
+++ b/pkg/server/realms_api.go
@@ -46,8 +46,8 @@ func listAvailableRealm(c *fiber.Ctx) error {
 func createRealm(c *fiber.Ctx) error {
 user := c.Locals("principal").(models.Account)
- if user.PowerLevel < 10 {
- return fiber.NewError(fiber.StatusForbidden, "require power level 10 to create realms")
+ if err := utils.CheckPermissions(c, "CreateRealms", true); err != nil {
+ return err
 }
 var data struct {
diff --git a/pkg/services/accounts.go b/pkg/services/accounts.go
index 7739a8a..d734edc 100644
--- a/pkg/services/accounts.go
+++ b/pkg/services/accounts.go
@@ -104,7 +104,7 @@ func ConfirmAccount(code string) error {
 for k, v := range viper.GetStringMap("permissions.verified") {
 if val, ok := user.PermNodes[k]; !ok {
 user.PermNodes[k] = v
- } else if !HasPermNode(val, v) {
+ } else if !ComparePermNode(val, v) {
 user.PermNodes[k] = v
 }
 }
diff --git a/pkg/services/perms.go b/pkg/services/perms.go
index 9a6914d..438a6e1 100644
--- a/pkg/services/perms.go
+++ b/pkg/services/perms.go
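Review bot: The permission name `"CreateRealms"` is passed as a bare string literal in createRealm, so a misspelling here or in the configured permission map would only show up as a 403 at runtime. HasPermNode (pkg/services/perms.go in this commit) treats a missing key as a denial, so the failure is closed, but a shared constant would keep the key greppable and consistent, e.g. `const PermCreateRealms = "CreateRealms"` used as `utils.CheckPermissions(c, PermCreateRealms, true)`. The check now reads the `permissions` local instead of `principal`, and the code that populates that local is not part of this diff, so it is worth confirming that the middleware in front of this route sets it. createRealm's body continues outside the hunk.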
@@ -6,7 +6,14 @@ import (
 "strings"
 )
-func HasPermNode(held any, required any) bool {
+func HasPermNode(perms map[string]any, requiredKey string, requiredValue any) bool {
+ if heldValue, ok := perms[requiredKey]; ok {
+ return ComparePermNode(heldValue, requiredValue)
+ }
+ return false
+}
+
+func ComparePermNode(held any, required any) bool {
 heldValue := reflect.ValueOf(held)
 requiredValue := reflect.ValueOf(required)
diff --git a/pkg/utils/request.go b/pkg/utils/request.go
index 4a15493..e82d7bc 100644
--- a/pkg/utils/request.go
+++ b/pkg/utils/request.go
@@ -1,6 +1,8 @@
 package utils
 import (
+ "fmt"
+ "git.solsynth.dev/hydrogen/passport/pkg/services"
 "github.com/go-playground/validator/v10"
 "github.com/gofiber/fiber/v2"
 "github.com/samber/lo"
@@ -19,6 +21,17 @@ func BindAndValidate(c *fiber.Ctx, out any) error {
 return nil
 }
+func GetPermissions(c *fiber.Ctx) map[string]any {
+ return c.Locals("permissions").(map[string]any)
+}
+
+func CheckPermissions(c *fiber.Ctx, key string, val any) error {
+ if !services.HasPermNode(GetPermissions(c), key, val) {
+ return fiber.NewError(fiber.StatusForbidden, fmt.Sprintf("requires permission: %s = %v", key, val))
+ }
+ return nil
+}
+
 func GetRedirectUri(c *fiber.Ctx, fallback ...string) *string {
 if len(c.Query("redirect_uri")) > 0 {
 return lo.ToPtr(c.Query("redirect_uri"))
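Review bot: The exported HasPermNode and ComparePermNode in pkg/services/perms.go have no doc comments, and the deny-by-default behaviour of the new HasPermNode is the part callers most need stated. Suggested: `// HasPermNode reports whether perms contains requiredKey with a value that satisfies requiredValue; a missing key (or a nil map) is a denial.` and `// ComparePermNode reports whether held satisfies required.` on the renamed function. HasPermNode keeps its name but changes its parameter list, so a caller not updated in this commit fails to compile rather than silently changing meaning. ComparePermNode's body continues outside the hunk, so its comparison rules per value kind are not reviewed here.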
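Review bot: GetPermissions in pkg/utils/request.go uses an unchecked type assertion, `c.Locals("permissions").(map[string]any)`, which panics when the local is unset or holds any other type, including a named map type. On a route reached without the middleware that sets `permissions`, the authorization check would then surface as a panic (a 500 or a crashed handler, depending on whether a recover middleware is installed) instead of a 403. The comma-ok form fails closed, because HasPermNode treats a nil map as holding no permissions: `perms, _ := c.Locals("permissions").(map[string]any)` followed by `return perms`. The 403 message in CheckPermissions also echoes the required key and value to the client, which may be intended but should be a conscious choice.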