package utils
import (
"strings"
"github.com/macinnir/dvc/core/lib/utils/request"
"github.com/macinnir/dvc/core/lib/utils/types"
)
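// Permission is the name of a permission. The text before the first
// FeaturePermSeparator is the feature the permission belongs to.
type Permission string

const (
	// SuperUserID is the ID of the system user. HasPerm grants every
	// permission to this ID before it looks at the account state
	// (activated, disabled, locked).
	SuperUserID = int64(1)
	// RequestPathUserIDArgName is the request argument that HasPerm compares
	// with the requesting user's ID for permissions ending in AsOwnerSuffix.
	RequestPathUserIDArgName = "userID"
	// AsOwnerSuffix marks a permission for which HasPerm additionally
	// requires the request's userID argument to match the requesting user.
	AsOwnerSuffix = "AsOwner"
	// FeaturePermSeparator separates the feature name from the rest of a
	// permission name.
	FeaturePermSeparator = "_"
)

// ExtractFeatureFromPerm returns the feature part of a permission, i.e. the
// text before the first FeaturePermSeparator.
//
// A permission without a separator has no feature part and yields "". The
// index returned by strings.Index is -1 in that case; slicing with it
// unchecked panics, which in an authorization path turns a malformed
// permission name into a crashed request.
func ExtractFeatureFromPerm(perm Permission) string {
	name := string(perm)
	sep := strings.Index(name, FeaturePermSeparator)
	if sep < 0 {
		return ""
	}
	return name[:sep]
}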
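// HasPerm reports whether user holds perm for the request req.
//
// The decision is made in this order:
//  1. The system user (SuperUserID) is granted everything.
//  2. Users that are not activated, or are disabled or locked, are denied.
//  3. perm must appear verbatim in user.Permissions(), or be covered by a
//     feature wildcard grant of the form "<feature>_*".
//  4. If perm ends in AsOwnerSuffix (and is longer than the suffix), the
//     request's "userID" argument must equal req.UserID.
//
// NOTE(review): step 1 runs before step 2, so a disabled or locked account
// with ID SuperUserID still passes. Confirm that this is intended.
func HasPerm(req *request.Request, user types.IUserContainer, perm Permission) bool {
	// System user
	if user.ID() == SuperUserID {
		return true
	}

	// Must be activated, not disabled and not locked
	if !user.Activated() || user.Disabled() || user.Locked() {
		return false
	}

	required := string(perm)

	// Only a permission that has a feature part can be covered by a wildcard
	// grant. A name without a separator is matched exactly or not at all, and
	// ExtractFeatureFromPerm is only called on strings that contain "_".
	hasFeature := strings.Contains(required, "_")
	featureName := ""
	if hasFeature {
		featureName = ExtractFeatureFromPerm(perm)
	}

	hasPerm := false
	for _, granted := range user.Permissions() {
		// Exact match
		if granted == required {
			hasPerm = true
			break
		}

		// Feature wildcard. HasSuffix is safe for grants shorter than two
		// characters, where slicing the last two bytes would panic.
		//
		// NOTE(review): the feature of a grant is the text before its FIRST
		// separator, so a grant such as "a_b_*" covers every "a_..."
		// permission, not only "a_b_...". Confirm that this breadth is wanted.
		if hasFeature && strings.HasSuffix(granted, "_*") &&
			ExtractFeatureFromPerm(Permission(granted)) == featureName {
			hasPerm = true
			break
		}
	}

	if !hasPerm {
		return false
	}

	// A permission that is only the suffix itself (or shorter) is not treated
	// as an ownership-scoped permission.
	if len(required) <= len(AsOwnerSuffix) || !strings.HasSuffix(required, AsOwnerSuffix) {
		return true
	}

	// Ownership check: the request's "userID" argument must match the
	// requesting user.
	//
	// NOTE(review): the default passed to ArgInt64 is 0, so a request without
	// a "userID" argument presumably compares 0 with req.UserID; verify that
	// req.UserID can never be 0 on this path. The comparison also uses
	// req.UserID rather than user.ID(); confirm both always refer to the same
	// account.
	return req.ArgInt64(RequestPathUserIDArgName, 0) == req.UserID
}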
// HasPermOld reports whether permName appears verbatim in perms. User ID 1 is
// always granted, whatever perms contains.
//
// Only exact string matches count. Unlike HasPerm, this function does not
// expand "<feature>_*" wildcard grants, does not look at the account state
// (activated, disabled, locked) and does not apply the AsOwner ownership
// check, so the two functions can disagree about the same user and permission.
func HasPermOld(userID int64, perms []string, permName Permission) bool {
	wanted := string(permName)

	// Superuser short-circuits the scan; otherwise stop at the first match.
	granted := userID == 1
	for i := 0; !granted && i < len(perms); i++ {
		granted = perms[i] == wanted
	}

	return granted
}