✨ Permission check
parent
7d3b804516
commit
4e4fbb8ba9
55
.idea/workspace.xml
generated
55
.idea/workspace.xml
generated
@ -4,10 +4,7 @@
|
|||||||
<option name="autoReloadType" value="ALL" />
|
<option name="autoReloadType" value="ALL" />
|
||||||
</component>
|
</component>
|
||||||
<component name="ChangeListManager">
|
<component name="ChangeListManager">
|
||||||
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":sparkles: Basis perm nodes feature">
|
<list default="true" id="3fefb2c4-b6f9-466b-a523-53352e8d6f95" name="更改" comment=":sparkles: Permission check" />
|
||||||
<change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
|
|
||||||
<change beforePath="$PROJECT_DIR$/pkg/server/ws.go" beforeDir="false" afterPath="$PROJECT_DIR$/pkg/server/ws.go" afterDir="false" />
|
|
||||||
</list>
|
|
||||||
<option name="SHOW_DIALOG" value="false" />
|
<option name="SHOW_DIALOG" value="false" />
|
||||||
<option name="HIGHLIGHT_CONFLICTS" value="true" />
|
<option name="HIGHLIGHT_CONFLICTS" value="true" />
|
||||||
<option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
|
<option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
|
||||||
@ -41,32 +38,32 @@
|
|||||||
<option name="hideEmptyMiddlePackages" value="true" />
|
<option name="hideEmptyMiddlePackages" value="true" />
|
||||||
<option name="showLibraryContents" value="true" />
|
<option name="showLibraryContents" value="true" />
|
||||||
</component>
|
</component>
|
||||||
<component name="PropertiesComponent">{
|
<component name="PropertiesComponent"><![CDATA[{
|
||||||
"keyToString": {
|
"keyToString": {
|
||||||
"DefaultGoTemplateProperty": "Go File",
|
"DefaultGoTemplateProperty": "Go File",
|
||||||
"Go 构建.Backend.executor": "Run",
|
"Go 构建.Backend.executor": "Run",
|
||||||
"RunOnceActivity.ShowReadmeOnStart": "true",
|
"RunOnceActivity.ShowReadmeOnStart": "true",
|
||||||
"RunOnceActivity.go.formatter.settings.were.checked": "true",
|
"RunOnceActivity.go.formatter.settings.were.checked": "true",
|
||||||
"RunOnceActivity.go.migrated.go.modules.settings": "true",
|
"RunOnceActivity.go.migrated.go.modules.settings": "true",
|
||||||
"RunOnceActivity.go.modules.automatic.dependencies.download": "true",
|
"RunOnceActivity.go.modules.automatic.dependencies.download": "true",
|
||||||
"RunOnceActivity.go.modules.go.list.on.any.changes.was.set": "true",
|
"RunOnceActivity.go.modules.go.list.on.any.changes.was.set": "true",
|
||||||
"git-widget-placeholder": "master",
|
"git-widget-placeholder": "master",
|
||||||
"go.import.settings.migrated": "true",
|
"go.import.settings.migrated": "true",
|
||||||
"go.sdk.automatically.set": "true",
|
"go.sdk.automatically.set": "true",
|
||||||
"last_opened_file_path": "/Users/littlesheep/Documents/Projects/Hydrogen/Passport/pkg/server/ui",
|
"last_opened_file_path": "/Users/littlesheep/Documents/Projects/Hydrogen/Passport/pkg/server/ui",
|
||||||
"node.js.detected.package.eslint": "true",
|
"node.js.detected.package.eslint": "true",
|
||||||
"node.js.selected.package.eslint": "(autodetect)",
|
"node.js.selected.package.eslint": "(autodetect)",
|
||||||
"nodejs_package_manager_path": "npm",
|
"nodejs_package_manager_path": "npm",
|
||||||
"run.code.analysis.last.selected.profile": "pProject Default",
|
"run.code.analysis.last.selected.profile": "pProject Default",
|
||||||
"settings.editor.selected.configurable": "preferences.lookFeel",
|
"settings.editor.selected.configurable": "preferences.lookFeel",
|
||||||
"vue.rearranger.settings.migration": "true"
|
"vue.rearranger.settings.migration": "true"
|
||||||
},
|
},
|
||||||
"keyToStringList": {
|
"keyToStringList": {
|
||||||
"DatabaseDriversLRU": [
|
"DatabaseDriversLRU": [
|
||||||
"postgresql"
|
"postgresql"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}</component>
|
}]]></component>
|
||||||
<component name="RecentsManager">
|
<component name="RecentsManager">
|
||||||
<key name="CopyFile.RECENT_KEYS">
|
<key name="CopyFile.RECENT_KEYS">
|
||||||
<recent name="$PROJECT_DIR$/pkg/server/ui" />
|
<recent name="$PROJECT_DIR$/pkg/server/ui" />
|
||||||
@ -139,7 +136,6 @@
|
|||||||
</option>
|
</option>
|
||||||
</component>
|
</component>
|
||||||
<component name="VcsManagerConfiguration">
|
<component name="VcsManagerConfiguration">
|
||||||
<MESSAGE value=":sparkles: User center page" />
|
|
||||||
<MESSAGE value=":sparkles: Personalize" />
|
<MESSAGE value=":sparkles: Personalize" />
|
||||||
<MESSAGE value=":sparkles: OAuth" />
|
<MESSAGE value=":sparkles: OAuth" />
|
||||||
<MESSAGE value=":truck: Update well known" />
|
<MESSAGE value=":truck: Update well known" />
|
||||||
@ -164,7 +160,8 @@
|
|||||||
<MESSAGE value=":bug: Fix key exchange cause echo" />
|
<MESSAGE value=":bug: Fix key exchange cause echo" />
|
||||||
<MESSAGE value=":bug: Fix notification push issue" />
|
<MESSAGE value=":bug: Fix notification push issue" />
|
||||||
<MESSAGE value=":sparkles: Basis perm nodes feature" />
|
<MESSAGE value=":sparkles: Basis perm nodes feature" />
|
||||||
<option name="LAST_COMMIT_MESSAGE" value=":sparkles: Basis perm nodes feature" />
|
<MESSAGE value=":sparkles: Permission check" />
|
||||||
|
<option name="LAST_COMMIT_MESSAGE" value=":sparkles: Permission check" />
|
||||||
</component>
|
</component>
|
||||||
<component name="VgoProject">
|
<component name="VgoProject">
|
||||||
<settings-migrated>true</settings-migrated>
|
<settings-migrated>true</settings-migrated>
|
||||||
|
@ -46,8 +46,8 @@ func listAvailableRealm(c *fiber.Ctx) error {
|
|||||||
|
|
||||||
func createRealm(c *fiber.Ctx) error {
|
func createRealm(c *fiber.Ctx) error {
|
||||||
user := c.Locals("principal").(models.Account)
|
user := c.Locals("principal").(models.Account)
|
||||||
if user.PowerLevel < 10 {
|
if err := utils.CheckPermissions(c, "CreateRealms", true); err != nil {
|
||||||
return fiber.NewError(fiber.StatusForbidden, "require power level 10 to create realms")
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
var data struct {
|
var data struct {
|
||||||
|
@ -104,7 +104,7 @@ func ConfirmAccount(code string) error {
|
|||||||
for k, v := range viper.GetStringMap("permissions.verified") {
|
for k, v := range viper.GetStringMap("permissions.verified") {
|
||||||
if val, ok := user.PermNodes[k]; !ok {
|
if val, ok := user.PermNodes[k]; !ok {
|
||||||
user.PermNodes[k] = v
|
user.PermNodes[k] = v
|
||||||
} else if !HasPermNode(val, v) {
|
} else if !ComparePermNode(val, v) {
|
||||||
user.PermNodes[k] = v
|
user.PermNodes[k] = v
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -6,7 +6,14 @@ import (
|
|||||||
"strings"
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
func HasPermNode(held any, required any) bool {
|
func HasPermNode(perms map[string]any, requiredKey string, requiredValue any) bool {
|
||||||
|
if heldValue, ok := perms[requiredKey]; ok {
|
||||||
|
return ComparePermNode(heldValue, requiredValue)
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
func ComparePermNode(held any, required any) bool {
|
||||||
heldValue := reflect.ValueOf(held)
|
heldValue := reflect.ValueOf(held)
|
||||||
requiredValue := reflect.ValueOf(required)
|
requiredValue := reflect.ValueOf(required)
|
||||||
|
|
||||||
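Review bot: HasPermNode and ComparePermNode are exported authorization primitives without doc comments, and HasPermNode keeps its old name while now taking the whole permission map plus a key. Document the fail-closed contract on HasPermNode, for example `// HasPermNode reports whether perms holds requiredKey with a value that satisfies requiredValue; a missing key or nil map is denied.` On ComparePermNode, state what "held satisfies required" means for each value kind it handles, since every permission decision now goes through it. ComparePermNode's body continues outside the hunk, so its comparison rules cannot be checked from here.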
|
@ -1,6 +1,8 @@
|
|||||||
package utils
|
package utils
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
|
"git.solsynth.dev/hydrogen/passport/pkg/services"
|
||||||
"github.com/go-playground/validator/v10"
|
"github.com/go-playground/validator/v10"
|
||||||
"github.com/gofiber/fiber/v2"
|
"github.com/gofiber/fiber/v2"
|
||||||
"github.com/samber/lo"
|
"github.com/samber/lo"
|
||||||
@ -19,6 +21,17 @@ func BindAndValidate(c *fiber.Ctx, out any) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func GetPermissions(c *fiber.Ctx) map[string]any {
|
||||||
|
return c.Locals("permissions").(map[string]any)
|
||||||
|
}
|
||||||
|
|
||||||
|
func CheckPermissions(c *fiber.Ctx, key string, val any) error {
|
||||||
|
if !services.HasPermNode(GetPermissions(c), key, val) {
|
||||||
|
return fiber.NewError(fiber.StatusForbidden, fmt.Sprintf("requires permission: %s = %v", key, val))
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
func GetRedirectUri(c *fiber.Ctx, fallback ...string) *string {
|
func GetRedirectUri(c *fiber.Ctx, fallback ...string) *string {
|
||||||
if len(c.Query("redirect_uri")) > 0 {
|
if len(c.Query("redirect_uri")) > 0 {
|
||||||
return lo.ToPtr(c.Query("redirect_uri"))
|
return lo.ToPtr(c.Query("redirect_uri"))
|
||||||
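Review bot: GetPermissions uses an unchecked type assertion, `c.Locals("permissions").(map[string]any)`, which panics whenever that local is unset or holds another type. This would happen if a route calling CheckPermissions were registered without the middleware that populates the local, which is not visible in this commit. Use the comma-ok form, `perms, _ := c.Locals("permissions").(map[string]any)` followed by `return perms`, so a missing map reaches HasPermNode as nil and the request is denied with 403 instead of crashing the handler. Separately, the 403 body built with `fmt.Sprintf("requires permission: %s = %v", key, val)` returns internal permission node names to the client. If that is not intended, log the detail server-side and return a generic message.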
|