authd/src/requests/permissions.cr

class AuthD::Request
	IPC::JSON.message CheckPermission, 9 do
		property user       : UserID
		property service    : String
		property resource   : String

		def initialize(@user, @service, @resource)
		end

		def handle(authd : AuthD::Service, fd : Int32)
			logged_user = authd.get_logged_user? fd

			return Response::Error.new "you must be logged" if logged_user.nil?
			return Response::Error.new "unauthorized (not admin)" unless logged_user.admin

			user = authd.user? @user
			return Response::Error.new "no such user" if user.nil?

			service = @service
			service_permissions = user.permissions[service]?

			if service_permissions.nil?
				return Response::PermissionCheck.new service, @resource, user.uid, User::PermissionLevel::None
			end

			resource_permissions = service_permissions[@resource]?

			if resource_permissions.nil?
				return Response::PermissionCheck.new service, @resource, user.uid, User::PermissionLevel::None
			end

			return Response::PermissionCheck.new service, @resource, user.uid, resource_permissions
		end
	end
	AuthD.requests << CheckPermission

	IPC::JSON.message SetPermission, 10 do
		property user       : UserID
		property service    : String
		property resource   : String
		property permission : ::AuthD::User::PermissionLevel

		def initialize(@user, @service, @resource, @permission)
		end

		def handle(authd : AuthD::Service, fd : Int32)
			logged_user = authd.get_logged_user? fd

			return Response::Error.new "you must be logged" if logged_user.nil?
			return Response::Error.new "unauthorized (not admin)" unless logged_user.admin

			user = authd.user? @user
			return Response::Error.new "no such user" if user.nil?

			service = @service
			service_permissions = user.permissions[service]?

			if service_permissions.nil?
				service_permissions = Hash(String, User::PermissionLevel).new
				user.permissions[service] = service_permissions
			end

			if @permission.none?
				service_permissions.delete @resource
			else
				service_permissions[@resource] = @permission
			end

			authd.users_per_uid.update user.uid.to_s, user

			Response::PermissionSet.new user.uid, service, @resource, @permission
		end
	end
	AuthD.requests << SetPermission
end
New authd code structure. 2020-11-22 13:49:34 +01:00			`class AuthD::Request`
			`IPC::JSON.message CheckPermission, 9 do`
Refactoring in progress. Still a few classes to go. 2023-06-11 18:59:41 +02:00			`property user : UserID`
New authd code structure. 2020-11-22 13:49:34 +01:00			`property service : String`
			`property resource : String`

WIP: remove "shared keys logic" and use logged user hash. 2023-06-10 18:27:50 +02:00			`def initialize(@user, @service, @resource)`
New authd code structure. 2020-11-22 13:49:34 +01:00			`end`

Authd: users are now logged and have an 'admin' attribute. 2023-06-10 17:26:12 +02:00			`def handle(authd : AuthD::Service, fd : Int32)`
WIP: remove "shared keys logic" and use logged user hash. 2023-06-10 18:27:50 +02:00			`logged_user = authd.get_logged_user? fd`
New authd code structure. 2020-11-22 13:49:34 +01:00
Slowly embrace the logged-authenticated-user logic. 2023-06-11 16:39:16 +02:00			`return Response::Error.new "you must be logged" if logged_user.nil?`
			`return Response::Error.new "unauthorized (not admin)" unless logged_user.admin`
New authd code structure. 2020-11-22 13:49:34 +01:00
Refactoring in progress. Still a few classes to go. 2023-06-11 18:59:41 +02:00			`user = authd.user? @user`
			`return Response::Error.new "no such user" if user.nil?`
New authd code structure. 2020-11-22 13:49:34 +01:00
			`service = @service`
			`service_permissions = user.permissions[service]?`

			`if service_permissions.nil?`
			`return Response::PermissionCheck.new service, @resource, user.uid, User::PermissionLevel::None`
			`end`

			`resource_permissions = service_permissions[@resource]?`

			`if resource_permissions.nil?`
			`return Response::PermissionCheck.new service, @resource, user.uid, User::PermissionLevel::None`
			`end`

			`return Response::PermissionCheck.new service, @resource, user.uid, resource_permissions`
			`end`
			`end`
			`AuthD.requests << CheckPermission`

			`IPC::JSON.message SetPermission, 10 do`
Refactoring in progress. Still a few classes to go. 2023-06-11 18:59:41 +02:00			`property user : UserID`
New authd code structure. 2020-11-22 13:49:34 +01:00			`property service : String`
			`property resource : String`
			`property permission : ::AuthD::User::PermissionLevel`

Slowly embrace the logged-authenticated-user logic. 2023-06-11 16:39:16 +02:00			`def initialize(@user, @service, @resource, @permission)`
New authd code structure. 2020-11-22 13:49:34 +01:00			`end`

Authd: users are now logged and have an 'admin' attribute. 2023-06-10 17:26:12 +02:00			`def handle(authd : AuthD::Service, fd : Int32)`
Slowly embrace the logged-authenticated-user logic. 2023-06-11 16:39:16 +02:00			`logged_user = authd.get_logged_user? fd`

			`return Response::Error.new "you must be logged" if logged_user.nil?`
			`return Response::Error.new "unauthorized (not admin)" unless logged_user.admin`
New authd code structure. 2020-11-22 13:49:34 +01:00
Refactoring in progress. Still a few classes to go. 2023-06-11 18:59:41 +02:00			`user = authd.user? @user`
Slowly embrace the logged-authenticated-user logic. 2023-06-11 16:39:16 +02:00			`return Response::Error.new "no such user" if user.nil?`
New authd code structure. 2020-11-22 13:49:34 +01:00
			`service = @service`
			`service_permissions = user.permissions[service]?`

			`if service_permissions.nil?`
			`service_permissions = Hash(String, User::PermissionLevel).new`
			`user.permissions[service] = service_permissions`
			`end`

			`if @permission.none?`
			`service_permissions.delete @resource`
			`else`
			`service_permissions[@resource] = @permission`
			`end`

			`authd.users_per_uid.update user.uid.to_s, user`

			`Response::PermissionSet.new user.uid, service, @resource, @permission`
			`end`
			`end`
			`AuthD.requests << SetPermission`
			`end`