Baguette
/
authd
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

s/UserID | Nil/UserID?/ and allow simple users to read their permissions.

master
Philippe Pittoli 2023-06-13 18:37:58 +02:00
parent 7324bdb619
commit 186edd2ca0
4 changed files with 15 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/requests/delete.cr
View File

@ -1,7 +1,7 @@
class AuthD::Request class AuthD::Request
IPC::JSON.message Delete, 8 do IPC::JSON.message Delete, 8 do
# Deletion can be triggered by either an admin or the related user. # Deletion can be triggered by either an admin or the related user.
property user : UserID | Nil = nil property user : UserID? = nil
def initialize(@user = nil) def initialize(@user = nil)
end end

2
src/requests/moduser.cr
View File

@ -1,6 +1,6 @@
class AuthD::Request class AuthD::Request
IPC::JSON.message ModUser, 6 do IPC::JSON.message ModUser, 6 do
property user : UserID | Nil = nil property user : UserID? = nil
property admin : Bool? = nil property admin : Bool? = nil
property password : String? = nil property password : String? = nil
property email : String? = nil property email : String? = nil

16
src/requests/permissions.cr
View File

@ -1,6 +1,6 @@
class AuthD::Request class AuthD::Request
IPC::JSON.message CheckPermission, 10 do IPC::JSON.message CheckPermission, 10 do
property user : UserID property user : UserID? = nil
property service : String property service : String
property resource : String property resource : String
@ -10,9 +10,13 @@ class AuthD::Request
def handle(authd : AuthD::Service, fd : Int32) def handle(authd : AuthD::Service, fd : Int32)
logged_user = authd.get_logged_user_full? fd logged_user = authd.get_logged_user_full? fd
return Response::Error.new "you must be logged" if logged_user.nil? return Response::Error.new "you must be logged" if logged_user.nil?
logged_user.assert_permission("authd", "*", User::PermissionLevel::Admin)
user = authd.user? @user user = if u = @user
logged_user.assert_permission("authd", "*", User::PermissionLevel::Read)
authd.user? u
else
logged_user
end
return Response::Error.new "no such user" if user.nil? return Response::Error.new "no such user" if user.nil?
service_permissions = user.permissions[@service]? service_permissions = user.permissions[@service]?
@ -43,7 +47,11 @@ class AuthD::Request
return Response::Error.new "you must be logged" if logged_user.nil? return Response::Error.new "you must be logged" if logged_user.nil?
logged_user.assert_permission("authd", "*", User::PermissionLevel::Admin) logged_user.assert_permission("authd", "*", User::PermissionLevel::Admin)
user = authd.user? @user user = if u = @user
authd.user? u
else
logged_user
end
return Response::Error.new "no such user" if user.nil? return Response::Error.new "no such user" if user.nil?
service_permissions = user.permissions[@service]? service_permissions = user.permissions[@service]?

2
src/requests/profile.cr
View File

@ -1,7 +1,7 @@
class AuthD::Request class AuthD::Request
# Reset elements for which keys are present in `new_profile_entries`. # Reset elements for which keys are present in `new_profile_entries`.
IPC::JSON.message EditProfileEntries, 7 do IPC::JSON.message EditProfileEntries, 7 do
property user : UserID | Nil = nil property user : UserID? = nil
property new_profile_entries : Hash(String, JSON::Any) property new_profile_entries : Hash(String, JSON::Any)