-
Notifications
You must be signed in to change notification settings - Fork 18
/
UserUtilADM.scala
53 lines (48 loc) · 2.09 KB
/
UserUtilADM.scala
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
/*
* Copyright © 2021 - 2024 Swiss National Data and Service Center for the Humanities and/or DaSCH Service Platform contributors.
* SPDX-License-Identifier: Apache-2.0
*/
package org.knora.webapi.messages.util
import zio.*
import dsp.errors.ForbiddenException
import dsp.errors.NotFoundException
import org.knora.webapi.IRI
import org.knora.webapi.messages.admin.responder.usersmessages.UserInformationType.Full
import org.knora.webapi.messages.util.KnoraSystemInstances.Users.SystemUser
import org.knora.webapi.responders.admin.UsersResponder
import org.knora.webapi.slice.admin.domain.model.User
import org.knora.webapi.slice.admin.domain.model.UserIri
/**
* Utility functions for working with users.
*/
object UserUtilADM {
/**
* Allows a system admin or project admin to perform an operation as another user in a specified project.
* Checks whether the requesting user is a system admin or a project admin in the project, and if so,
* returns a [[User]] representing the requested user. Otherwise, returns a failed future containing
* [[ForbiddenException]].
*
* @param requestingUser the requesting user.
* @param requestedUserIri the IRI of the requested user.
* @param projectIri the IRI of the project.
* @return a [[User]] representing the requested user.
*/
def switchToUser(
requestingUser: User,
requestedUserIri: IRI,
projectIri: IRI
): ZIO[UsersResponder, Throwable, User] = {
val userIri = UserIri.unsafeFrom(requestedUserIri)
requestingUser match {
case _ if requestingUser.id == userIri.value => ZIO.succeed(requestingUser)
case _ if !(requestingUser.permissions.isSystemAdmin || requestingUser.permissions.isProjectAdmin(projectIri)) =>
val msg =
s"You are logged in as ${requestingUser.username}, but only a system administrator or project administrator can perform an operation as another user"
ZIO.fail(ForbiddenException(msg))
case _ =>
UsersResponder
.findUserByIri(userIri, Full, SystemUser)
.someOrFail(NotFoundException(s"User '${userIri.value}' not found"))
}
}
}