handler_set_user_permissions.go
package charond
import (
"context"
"github.com/lib/pq"
"github.com/piotrkowalczuk/charon"
charonrpc "github.com/piotrkowalczuk/charon/pb/rpc/charond/v1"
"github.com/piotrkowalczuk/charon/internal/grpcerr"
"github.com/piotrkowalczuk/charon/internal/model"
"github.com/piotrkowalczuk/charon/internal/session"
"google.golang.org/grpc/codes"
)
// setUserPermissionsHandler implements the RPC that assigns permissions
// directly to a user. It carries no state of its own: the actor lookup and
// the repositories used by its methods are promoted from the embedded *handler.
type setUserPermissionsHandler struct {
	*handler
}
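// SetPermissions assigns req.Permissions to the user identified by req.UserId
// and reports how many assignments were created, removed and left untouched.
//
// The calling actor is resolved from ctx and must pass suph.firewall before
// anything is written. When req.Force is set, the requested permissions are
// first handed to the permission repository's InsertMissing. Foreign-key
// violations reported by the user repository are translated to codes.NotFound;
// every other error is returned unchanged.
func (suph *setUserPermissionsHandler) SetPermissions(ctx context.Context, req *charonrpc.SetUserPermissionsRequest) (*charonrpc.SetUserPermissionsResponse, error) {
	act, err := suph.Actor(ctx)
	if err != nil {
		return nil, err
	}
	// Authorization happens before any repository call so that a denied
	// request has no side effects.
	if err = suph.firewall(req, act); err != nil {
		return nil, err
	}

	permissions := charon.NewPermissions(req.Permissions...)
	if req.Force {
		// NOTE(review): the firewall above checks only user-permission rights,
		// yet with Force the same actor also causes missing permission records
		// to be inserted. Confirm this is intended, or gate Force on a
		// separate right.
		if _, err := suph.repository.permission.InsertMissing(ctx, permissions); err != nil {
			return nil, err
		}
	}

	created, removed, err := suph.repository.user.SetPermissions(ctx, req.UserId, permissions...)
	if err != nil {
		// Checked assertion: an unchecked err.(*pq.Error) would panic inside
		// the request handler if the constraint was derived from an error that
		// is not a bare *pq.Error. Without a *pq.Error the detail stays empty.
		var detail string
		if pqErr, ok := err.(*pq.Error); ok {
			detail = pqErr.Detail
		}
		// NOTE(review): detail is the database's own detail text and is
		// returned to the RPC caller verbatim; confirm that exposing it is
		// acceptable.
		switch model.ErrorConstraint(err) {
		case model.TableUserPermissionsConstraintUserIDForeignKey:
			return nil, grpcerr.E(codes.NotFound, "%s: user does not exist", detail)
		case model.TableUserPermissionsConstraintPermissionSubsystemPermissionModulePermissionActionForeignKey:
			return nil, grpcerr.E(codes.NotFound, "%s: permission does not exist", detail)
		default:
			return nil, err
		}
	}

	return &charonrpc.SetUserPermissionsResponse{
		Created: created,
		Removed: removed,
		// The untouched count is derived from the number of permissions in the
		// request as sent, not from the permissions value built above.
		Untouched: untouched(int64(len(req.Permissions)), created, removed),
	}, nil
}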
// firewall decides whether act may set another user's permissions. It returns
// nil for a superuser, or for an actor holding both
// charon.UserPermissionCanCreate and charon.UserPermissionCanDelete; any other
// actor gets a codes.PermissionDenied error.
//
// NOTE(review): req is not inspected, so the decision depends neither on the
// target user nor on which permissions are being assigned. Unless a caller or
// the repository restricts it, an actor holding both rights can assign
// permissions it does not hold itself, possibly to its own account. Confirm
// whether that is intended.
func (suph *setUserPermissionsHandler) firewall(req *charonrpc.SetUserPermissionsRequest, act *session.Actor) error {
	switch {
	case act.User.IsSuperuser:
		// Superusers bypass the permission check entirely.
		return nil
	case act.Permissions.Contains(charon.UserPermissionCanCreate) && act.Permissions.Contains(charon.UserPermissionCanDelete):
		// Both rights are required: the handler reports created and removed
		// assignments from a single call.
		return nil
	}
	return grpcerr.E(codes.PermissionDenied, "user permissions cannot be set, missing permission")
}