-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
9 changed files
with
226 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
package memelink | ||
|
||
import "github.com/bwmarrin/discordgo" | ||
|
||
const memeEditorACL = "boarbot.modules.memelink::edit" | ||
|
||
func (m Module) isMemeEditor(s *discordgo.Session, userID string, guildID string) bool { | ||
if allowed, err := m.ACLDAO.CheckUserACL(userID, memeEditorACL); err != nil { | ||
m.Log.Errorf("could not check meme editor user ACL: %v", err) | ||
return false | ||
} else if allowed { | ||
return true | ||
} | ||
|
||
member, err := s.GuildMember(guildID, userID) | ||
if err != nil { | ||
m.Log.Errorf("could not obtain member from user: %v", err) | ||
return false | ||
} | ||
|
||
allowed, err := m.ACLDAO.CheckMultiRoleACL(member.Roles, memeEditorACL) | ||
if err != nil { | ||
m.Log.Errorf("could not check meme editor roles ACL: %v", err) | ||
return false | ||
} | ||
return allowed | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
package acl | ||
|
||
import ( | ||
"github.com/fsufitch/discord-boar-bot/db/connection" | ||
) | ||
|
||
// DAO exposes database ACL functionality | ||
type DAO struct { | ||
Conn connection.DatabaseConnection | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,100 @@ | ||
package acl | ||
|
||
import ( | ||
"database/sql" | ||
"fmt" | ||
"strings" | ||
) | ||
|
||
// RoleACL encapsulates a single permission granted to a role | ||
type RoleACL struct { | ||
RowID int | ||
ACLID string | ||
UserID string | ||
Details string | ||
} | ||
|
||
// CheckRoleACL checks whether the role is granted the permission | ||
func (dao DAO) CheckRoleACL(roleID string, aclID string) (bool, error) { | ||
tx, err := (*sql.DB)(dao.Conn).Begin() | ||
if err != nil { | ||
return false, err | ||
} | ||
defer tx.Rollback() | ||
|
||
row := tx.QueryRow(` | ||
SELECT COUNT(1) | ||
FROM role_acl | ||
WHERE role_id=$1 AND acl_id=$2 | ||
`, roleID, aclID) | ||
|
||
var result int | ||
err = row.Scan(&result) | ||
return result > 0, err | ||
} | ||
|
||
// CheckMultiRoleACL checks whether any of the roles are granted the permission | ||
func (dao DAO) CheckMultiRoleACL(roleIDs []string, aclID string) (bool, error) { | ||
tx, err := (*sql.DB)(dao.Conn).Begin() | ||
if err != nil { | ||
return false, err | ||
} | ||
defer tx.Rollback() | ||
|
||
queryParams := []interface{}{aclID} | ||
inValueList := []string{} | ||
for i, roleID := range roleIDs { | ||
queryParams = append(queryParams, roleID) | ||
inValueList = append(inValueList, fmt.Sprintf("$%d", i+2)) | ||
} | ||
inValue := "(" + strings.Join(inValueList, ", ") + ")" | ||
query := fmt.Sprintf(` | ||
SELECT COUNT(1) | ||
FROM role_acl | ||
WHERE acl_id=$1 AND role_id IN %s | ||
`, inValue) | ||
|
||
row := tx.QueryRow(query, queryParams...) | ||
|
||
var result int | ||
err = row.Scan(&result) | ||
return result > 0, err | ||
} | ||
|
||
// GrantRoleACL grants a permission to a role | ||
func (dao DAO) GrantRoleACL(roleID string, aclID string, details string) error { | ||
tx, err := (*sql.DB)(dao.Conn).Begin() | ||
if err != nil { | ||
return err | ||
} | ||
defer tx.Rollback() | ||
|
||
_, err = tx.Exec(` | ||
INSERT INTO role_acl (role_id, acl_id, details) | ||
VALUES ($1, $2, $3) | ||
`, roleID, aclID, details) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
return tx.Commit() | ||
} | ||
|
||
// RevokeRoleACL revokes a permission from a role | ||
func (dao DAO) RevokeRoleACL(roleID string, aclID string) error { | ||
tx, err := (*sql.DB)(dao.Conn).Begin() | ||
if err != nil { | ||
return err | ||
} | ||
defer tx.Rollback() | ||
|
||
_, err = tx.Exec(` | ||
DELETE FROM role_acl | ||
WHERE role_id=$1 AND acl_id=$2 | ||
`, roleID, aclID) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
return tx.Commit() | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
package acl | ||
|
||
import "database/sql" | ||
|
||
// UserACL encapsulates a single permission granted to a user | ||
type UserACL struct { | ||
RowID int | ||
ACLID string | ||
UserID string | ||
Details string | ||
} | ||
|
||
// CheckUserACL checks whether the user is granted the permission | ||
func (dao DAO) CheckUserACL(userID string, aclID string) (bool, error) { | ||
tx, err := (*sql.DB)(dao.Conn).Begin() | ||
if err != nil { | ||
return false, err | ||
} | ||
defer tx.Rollback() | ||
|
||
row := tx.QueryRow(` | ||
SELECT COUNT(1) | ||
FROM user_acl | ||
WHERE user_id=$1 AND acl_id=$2 | ||
`, userID, aclID) | ||
|
||
var result int | ||
err = row.Scan(&result) | ||
return result > 0, err | ||
} | ||
|
||
// GrantUserACL grants a permission to a user | ||
func (dao DAO) GrantUserACL(userID string, aclID string, details string) error { | ||
tx, err := (*sql.DB)(dao.Conn).Begin() | ||
if err != nil { | ||
return err | ||
} | ||
defer tx.Rollback() | ||
|
||
_, err = tx.Exec(` | ||
INSERT INTO user_acl (user_id, acl_id, details) | ||
VALUES ($1, $2, $3) | ||
`, userID, aclID, details) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
return tx.Commit() | ||
} | ||
|
||
// RevokeUserACL revokes a permission from a user | ||
func (dao DAO) RevokeUserACL(userID string, aclID string) error { | ||
tx, err := (*sql.DB)(dao.Conn).Begin() | ||
if err != nil { | ||
return err | ||
} | ||
defer tx.Rollback() | ||
|
||
_, err = tx.Exec(` | ||
DELETE FROM user_acl | ||
WHERE user_id=$1 AND acl_id=$2 | ||
`, userID, aclID) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
return tx.Commit() | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters