-
Notifications
You must be signed in to change notification settings - Fork 4
/
access.go
74 lines (60 loc) · 1.79 KB
/
access.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
package user
import (
"context"
"fmt"
"time"
"github.com/bcc-code/bcc-media-platform/backend/loaders"
"github.com/ansel1/merry/v2"
"github.com/bcc-code/bcc-media-platform/backend/common"
"github.com/bcc-code/bcc-media-platform/backend/utils"
"github.com/samber/lo"
)
// Sentinel errors
var (
ErrItemNotPublished = common.ErrItemNotPublished
ErrItemNoAccess = common.ErrItemNoAccess
ErrPublishDateInFuture = merry.Sentinel("Publish date in the future")
)
// CheckConditions defines which conditions that should be checked
type CheckConditions struct {
FromDate bool
PublishDate bool
Download bool
}
// ValidateAccess returns error if user in context does not have access to the specified item
func ValidateAccess[k comparable](
ctx context.Context,
permissionLoader *loaders.Loader[k, *common.Permissions[k]],
id k,
conditions CheckConditions,
) error {
ginCtx, err := utils.GinCtx(ctx)
if err != nil {
return err
}
rs := GetRolesFromCtx(ginCtx)
perms, err := permissionLoader.Get(ctx, id)
if err != nil {
return err
}
roles := perms.Roles
availability := perms.Availability
if conditions.Download && len(lo.Intersect(rs, roles.Download)) == 0 {
return merry.Wrap(ErrItemNoAccess)
}
if len(lo.Intersect(rs, roles.EarlyAccess)) > 0 && (availability.Published || availability.Unlisted) {
return nil
}
if !(availability.Published || availability.Unlisted) ||
availability.To.Before(time.Now()) ||
(conditions.FromDate && availability.From.After(time.Now())) {
return merry.Wrap(fmt.Errorf("item ID: %v, ERR: %w", id, ErrItemNotPublished))
}
if len(lo.Intersect(rs, roles.Access)) == 0 {
return merry.Wrap(ErrItemNoAccess)
}
if conditions.PublishDate && availability.PublishedOn.After(time.Now()) {
return merry.Wrap(ErrPublishDateInFuture)
}
return nil
}