s/UserID | Nil/UserID?/ and allow simple users to read their permissions.

This commit is contained in:
Philippe Pittoli 2023-06-13 18:37:58 +02:00
parent 7324bdb619
commit 186edd2ca0
4 changed files with 15 additions and 7 deletions

View File

@ -1,7 +1,7 @@
class AuthD::Request
IPC::JSON.message Delete, 8 do
# Deletion can be triggered by either an admin or the related user.
property user : UserID | Nil = nil
property user : UserID? = nil
def initialize(@user = nil)
end

View File

@ -1,6 +1,6 @@
class AuthD::Request
IPC::JSON.message ModUser, 6 do
property user : UserID | Nil = nil
property user : UserID? = nil
property admin : Bool? = nil
property password : String? = nil
property email : String? = nil

View File

@ -1,6 +1,6 @@
class AuthD::Request
IPC::JSON.message CheckPermission, 10 do
property user : UserID
property user : UserID? = nil
property service : String
property resource : String
@ -10,9 +10,13 @@ class AuthD::Request
def handle(authd : AuthD::Service, fd : Int32)
logged_user = authd.get_logged_user_full? fd
return Response::Error.new "you must be logged" if logged_user.nil?
logged_user.assert_permission("authd", "*", User::PermissionLevel::Admin)
user = authd.user? @user
user = if u = @user
logged_user.assert_permission("authd", "*", User::PermissionLevel::Read)
authd.user? u
else
logged_user
end
return Response::Error.new "no such user" if user.nil?
service_permissions = user.permissions[@service]?
@ -43,7 +47,11 @@ class AuthD::Request
return Response::Error.new "you must be logged" if logged_user.nil?
logged_user.assert_permission("authd", "*", User::PermissionLevel::Admin)
user = authd.user? @user
user = if u = @user
authd.user? u
else
logged_user
end
return Response::Error.new "no such user" if user.nil?
service_permissions = user.permissions[@service]?

View File

@ -1,7 +1,7 @@
class AuthD::Request
# Reset elements for which keys are present in `new_profile_entries`.
IPC::JSON.message EditProfileEntries, 7 do
property user : UserID | Nil = nil
property user : UserID? = nil
property new_profile_entries : Hash(String, JSON::Any)