authd/src/requests/permissions.cr

class AuthD::Request
	IPC::JSON.message CheckPermission, 9 do
		property user       : Int32 | String
		property service    : String
		property resource   : String

		def initialize(@user, @service, @resource)
		end

		def handle(authd : AuthD::Service, fd : Int32)
			# Get currently logged user.
			logged_user = authd.get_logged_user? fd
			if logged_user.nil?
				return Response::Error.new "you must be logged"
			end

			unless logged_user.admin
				return Response::Error.new "unauthorized (not admin)"
			end

			user = case u = @user
			when .is_a? Int32
				authd.users_per_uid.get? u.to_s
			else
				authd.users_per_login.get? u
			end

			if user.nil?
				return Response::Error.new "no such user"
			end

			service = @service
			service_permissions = user.permissions[service]?

			if service_permissions.nil?
				return Response::PermissionCheck.new service, @resource, user.uid, User::PermissionLevel::None
			end

			resource_permissions = service_permissions[@resource]?

			if resource_permissions.nil?
				return Response::PermissionCheck.new service, @resource, user.uid, User::PermissionLevel::None
			end

			return Response::PermissionCheck.new service, @resource, user.uid, resource_permissions
		end
	end
	AuthD.requests << CheckPermission

	IPC::JSON.message SetPermission, 10 do
		property shared_key : String

		property user       : Int32 | String
		property service    : String
		property resource   : String
		property permission : ::AuthD::User::PermissionLevel

		def initialize(@shared_key, @user, @service, @resource, @permission)
		end

		def handle(authd : AuthD::Service, fd : Int32)
			unless @shared_key == authd.configuration.shared_key
				return Response::Error.new "unauthorized"
			end

			user = authd.users_per_uid.get? @user.to_s

			if user.nil?
				return Response::Error.new "no such user"
			end

			service = @service
			service_permissions = user.permissions[service]?

			if service_permissions.nil?
				service_permissions = Hash(String, User::PermissionLevel).new
				user.permissions[service] = service_permissions
			end

			if @permission.none?
				service_permissions.delete @resource
			else
				service_permissions[@resource] = @permission
			end

			authd.users_per_uid.update user.uid.to_s, user

			Response::PermissionSet.new user.uid, service, @resource, @permission
		end
	end
	AuthD.requests << SetPermission
end
New authd code structure. 2020-11-22 13:49:34 +01:00			`class AuthD::Request`
			`IPC::JSON.message CheckPermission, 9 do`
			`property user : Int32 \| String`
			`property service : String`
			`property resource : String`

WIP: remove "shared keys logic" and use logged user hash. 2023-06-10 18:27:50 +02:00			`def initialize(@user, @service, @resource)`
New authd code structure. 2020-11-22 13:49:34 +01:00			`end`

Authd: users are now logged and have an 'admin' attribute. 2023-06-10 17:26:12 +02:00			`def handle(authd : AuthD::Service, fd : Int32)`
WIP: remove "shared keys logic" and use logged user hash. 2023-06-10 18:27:50 +02:00			`# Get currently logged user.`
			`logged_user = authd.get_logged_user? fd`
			`if logged_user.nil?`
			`return Response::Error.new "you must be logged"`
New authd code structure. 2020-11-22 13:49:34 +01:00			`end`

WIP: remove "shared keys logic" and use logged user hash. 2023-06-10 18:27:50 +02:00			`unless logged_user.admin`
			`return Response::Error.new "unauthorized (not admin)"`
New authd code structure. 2020-11-22 13:49:34 +01:00			`end`

			`user = case u = @user`
			`when .is_a? Int32`
			`authd.users_per_uid.get? u.to_s`
			`else`
			`authd.users_per_login.get? u`
			`end`

			`if user.nil?`
			`return Response::Error.new "no such user"`
			`end`

			`service = @service`
			`service_permissions = user.permissions[service]?`

			`if service_permissions.nil?`
			`return Response::PermissionCheck.new service, @resource, user.uid, User::PermissionLevel::None`
			`end`

			`resource_permissions = service_permissions[@resource]?`

			`if resource_permissions.nil?`
			`return Response::PermissionCheck.new service, @resource, user.uid, User::PermissionLevel::None`
			`end`

			`return Response::PermissionCheck.new service, @resource, user.uid, resource_permissions`
			`end`
			`end`
			`AuthD.requests << CheckPermission`

			`IPC::JSON.message SetPermission, 10 do`
			`property shared_key : String`

			`property user : Int32 \| String`
			`property service : String`
			`property resource : String`
			`property permission : ::AuthD::User::PermissionLevel`

			`def initialize(@shared_key, @user, @service, @resource, @permission)`
			`end`

Authd: users are now logged and have an 'admin' attribute. 2023-06-10 17:26:12 +02:00			`def handle(authd : AuthD::Service, fd : Int32)`
New authd code structure. 2020-11-22 13:49:34 +01:00			`unless @shared_key == authd.configuration.shared_key`
			`return Response::Error.new "unauthorized"`
			`end`

			`user = authd.users_per_uid.get? @user.to_s`

			`if user.nil?`
			`return Response::Error.new "no such user"`
			`end`

			`service = @service`
			`service_permissions = user.permissions[service]?`

			`if service_permissions.nil?`
			`service_permissions = Hash(String, User::PermissionLevel).new`
			`user.permissions[service] = service_permissions`
			`end`

			`if @permission.none?`
			`service_permissions.delete @resource`
			`else`
			`service_permissions[@resource] = @permission`
			`end`

			`authd.users_per_uid.update user.uid.to_s, user`

			`Response::PermissionSet.new user.uid, service, @resource, @permission`
			`end`
			`end`
			`AuthD.requests << SetPermission`
			`end`