2020-11-22 13:49:34 +01:00
|
|
|
class AuthD::Request
|
|
|
|
IPC::JSON.message CheckPermission, 9 do
|
|
|
|
property user : Int32 | String
|
|
|
|
property service : String
|
|
|
|
property resource : String
|
|
|
|
|
2023-06-10 18:27:50 +02:00
|
|
|
def initialize(@user, @service, @resource)
|
2020-11-22 13:49:34 +01:00
|
|
|
end
|
|
|
|
|
2023-06-10 17:26:12 +02:00
|
|
|
def handle(authd : AuthD::Service, fd : Int32)
|
2023-06-10 18:27:50 +02:00
|
|
|
logged_user = authd.get_logged_user? fd
|
2020-11-22 13:49:34 +01:00
|
|
|
|
2023-06-11 16:39:16 +02:00
|
|
|
return Response::Error.new "you must be logged" if logged_user.nil?
|
|
|
|
return Response::Error.new "unauthorized (not admin)" unless logged_user.admin
|
2020-11-22 13:49:34 +01:00
|
|
|
|
|
|
|
user = case u = @user
|
|
|
|
when .is_a? Int32
|
|
|
|
authd.users_per_uid.get? u.to_s
|
|
|
|
else
|
|
|
|
authd.users_per_login.get? u
|
|
|
|
end
|
|
|
|
|
|
|
|
if user.nil?
|
|
|
|
return Response::Error.new "no such user"
|
|
|
|
end
|
|
|
|
|
|
|
|
service = @service
|
|
|
|
service_permissions = user.permissions[service]?
|
|
|
|
|
|
|
|
if service_permissions.nil?
|
|
|
|
return Response::PermissionCheck.new service, @resource, user.uid, User::PermissionLevel::None
|
|
|
|
end
|
|
|
|
|
|
|
|
resource_permissions = service_permissions[@resource]?
|
|
|
|
|
|
|
|
if resource_permissions.nil?
|
|
|
|
return Response::PermissionCheck.new service, @resource, user.uid, User::PermissionLevel::None
|
|
|
|
end
|
|
|
|
|
|
|
|
return Response::PermissionCheck.new service, @resource, user.uid, resource_permissions
|
|
|
|
end
|
|
|
|
end
|
|
|
|
AuthD.requests << CheckPermission
|
|
|
|
|
|
|
|
IPC::JSON.message SetPermission, 10 do
|
|
|
|
property user : Int32 | String
|
|
|
|
property service : String
|
|
|
|
property resource : String
|
|
|
|
property permission : ::AuthD::User::PermissionLevel
|
|
|
|
|
2023-06-11 16:39:16 +02:00
|
|
|
def initialize(@user, @service, @resource, @permission)
|
2020-11-22 13:49:34 +01:00
|
|
|
end
|
|
|
|
|
2023-06-10 17:26:12 +02:00
|
|
|
def handle(authd : AuthD::Service, fd : Int32)
|
2023-06-11 16:39:16 +02:00
|
|
|
logged_user = authd.get_logged_user? fd
|
|
|
|
|
|
|
|
return Response::Error.new "you must be logged" if logged_user.nil?
|
|
|
|
return Response::Error.new "unauthorized (not admin)" unless logged_user.admin
|
2020-11-22 13:49:34 +01:00
|
|
|
|
|
|
|
user = authd.users_per_uid.get? @user.to_s
|
|
|
|
|
2023-06-11 16:39:16 +02:00
|
|
|
return Response::Error.new "no such user" if user.nil?
|
2020-11-22 13:49:34 +01:00
|
|
|
|
|
|
|
service = @service
|
|
|
|
service_permissions = user.permissions[service]?
|
|
|
|
|
|
|
|
if service_permissions.nil?
|
|
|
|
service_permissions = Hash(String, User::PermissionLevel).new
|
|
|
|
user.permissions[service] = service_permissions
|
|
|
|
end
|
|
|
|
|
|
|
|
if @permission.none?
|
|
|
|
service_permissions.delete @resource
|
|
|
|
else
|
|
|
|
service_permissions[@resource] = @permission
|
|
|
|
end
|
|
|
|
|
|
|
|
authd.users_per_uid.update user.uid.to_s, user
|
|
|
|
|
|
|
|
Response::PermissionSet.new user.uid, service, @resource, @permission
|
|
|
|
end
|
|
|
|
end
|
|
|
|
AuthD.requests << SetPermission
|
|
|
|
end
|