# Permission-related requests: reading (CheckPermission) and changing
# (SetPermission) the level a user holds on a (service, resource) pair.
class AuthD::Request
  # Asks which permission level a user holds on `resource` of `service`.
  #
  # The second macro argument (10) is passed to IPC::JSON.message as-is;
  # presumably the message type number, confirm against the macro.
  IPC::JSON.message CheckPermission, 10 do
    # Target of the query. When nil, the authenticated requester is
    # the one being queried.
    property user : UserID? = nil
    property service : String
    property resource : String

    def initialize(@user, @service, @resource)
    end

    # Answers the query for the connection identified by `fd`.
    #
    # Returns ErrorMustBeAuthenticated when no logged-in user is found for
    # `fd`, ErrorUserNotFound when the requested target cannot be resolved,
    # and otherwise a PermissionCheck carrying the target's uid and level.
    def handle(authd : AuthD::Service, fd : Int32)
      requester = authd.get_logged_user_full? fd
      return Response::ErrorMustBeAuthenticated.new if requester.nil?

      target = if uid = @user
                 # Looking at someone else's permissions requires Read on
                 # ("authd", "*"). The result of assert_permission is
                 # discarded, so this handler relies on it interrupting the
                 # request on failure (presumably by raising; confirm).
                 # The check runs before the lookup, so a caller without
                 # Read never reaches the ErrorUserNotFound answer below.
                 requester.assert_permission("authd", "*", User::PermissionLevel::Read)
                 authd.user? uid
               else
                 # No explicit target: a user may always query themselves.
                 requester
               end
      return Response::ErrorUserNotFound.new if target.nil?

      # An unknown service and an unknown resource both resolve to None.
      level = target.permissions[@service]?.try { |grants| grants[@resource]? } || User::PermissionLevel::None

      Response::PermissionCheck.new @service, @resource, target.uid, level
    end
  end
  AuthD.requests << CheckPermission

  # Sets (or, with the None level, removes) the permission level a user
  # holds on `resource` of `service`.
  #
  # The second macro argument (11) is passed to IPC::JSON.message as-is;
  # presumably the message type number, confirm against the macro.
  IPC::JSON.message SetPermission, 11 do
    # Declared non-nilable here, unlike CheckPermission#user.
    property user : UserID
    property service : String
    property resource : String
    property permission : ::AuthD::User::PermissionLevel

    def initialize(@user, @service, @resource, @permission)
    end

    # Applies the change on behalf of the connection identified by `fd`.
    #
    # Returns ErrorMustBeAuthenticated when no logged-in user is found for
    # `fd`, ErrorUserNotFound when the target cannot be resolved, and
    # otherwise a PermissionSet echoing the change that was stored.
    #
    # NOTE(review): nothing in this handler records who changed which
    # permission; consider writing an audit log entry for each change.
    def handle(authd : AuthD::Service, fd : Int32)
      requester = authd.get_logged_user_full? fd
      return Response::ErrorMustBeAuthenticated.new if requester.nil?

      # Every change, including one on the requester's own account, requires
      # Admin on ("authd", "*"). The result of assert_permission is
      # discarded, so this handler relies on it interrupting the request on
      # failure (presumably by raising; confirm).
      requester.assert_permission("authd", "*", User::PermissionLevel::Admin)

      target = if uid = @user
                 authd.user? uid
               else
                 # NOTE(review): `user` is declared as a non-nilable UserID,
                 # so this branch looks unreachable; confirm and drop it.
                 requester
               end
      return Response::ErrorUserNotFound.new if target.nil?

      # Fetch the per-service table, creating and attaching an empty one when
      # the service is not known yet. This also happens when the request only
      # revokes (None), so an empty table can end up being stored.
      grants = target.permissions[@service] ||= Hash(String, User::PermissionLevel).new

      if @permission.none?
        # None is stored as the absence of an entry.
        grants.delete @resource
      else
        grants[@resource] = @permission
      end

      # Write the modified user back, keyed by the uid as a string.
      authd.users_per_uid.update target.uid.to_s, target

      Response::PermissionSet.new target.uid, @service, @resource, @permission
    end
  end
  AuthD.requests << SetPermission
end