-
Notifications
You must be signed in to change notification settings - Fork 0
/
perms.go
102 lines (75 loc) · 2.04 KB
/
perms.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
package utils
import (
"github.com/macinnir/dvc/core/lib/utils/request"
"github.com/macinnir/dvc/core/lib/utils/types"
)
// Permission is the name of a permission
type Permission string
const (
SuperUserID = int64(1)
RequestPathUserIDArgName = "userID"
AsOwnerSuffix = "AsOwner"
)
func HasPerm(req *request.Request, user types.IUserContainer, perm Permission) bool {
// System user
if user.ID() == SuperUserID {
return true
}
if !user.Activated() || user.Disabled() || user.Locked() {
return false
}
hasPerm := false
permissions := user.Permissions()
for k := range permissions {
if permissions[k] == string(perm) {
hasPerm = true
}
}
if !hasPerm {
return false
}
// Check suffix
if len(perm) <= len(AsOwnerSuffix) {
return hasPerm
}
suffix := string(perm[len(perm)-len(AsOwnerSuffix):])
// Check if this permission is "AsOwner"
if suffix == AsOwnerSuffix {
// Check if the request contains a "userID" argument and that it matches the current user
return req.ArgInt64(RequestPathUserIDArgName, 0) == req.UserID
}
return hasPerm
}
// HasPerm verifies that a permission exists in a userProfile's permissions
func HasPermOld(userID int64, perms []string, permName Permission) bool {
// Superuser
if userID == 1 {
return true
}
for k := range perms {
if perms[k] == string(permName) {
return true
}
}
return false
// // Check if the device has been registered
// if user.Device == nil || user.Device.DateRegistered == 0 {
// return false
// }
// if len(user.UserProfile.Permissions.String) > 0 {
// // God mode catch-all
// if user.UserProfile.Permissions.String == "*" {
// return true
// }
// if strings.Contains(user.UserProfile.Permissions.String, "#"+string(permName)+"#") {
// return true
// }
// }
// // Iterate through all roles to see if they have the permission
// for k := range user.UserProfile.Roles {
// if strings.Contains(user.UserProfile.Roles[k].Permissions.String, "#"+string(permName)+"#") {
// return true
// }
// }
// return false
}