s/UserID | Nil/UserID?/ and allow simple users to read their permissions.

2023-06-13 18:37:58 +02:00 · 2023-06-13 18:37:58 +02:00 · 186edd2ca0
parent 7324bdb619
commit 186edd2ca0
4 changed files with 15 additions and 7 deletions
--- a/src/requests/delete.cr
+++ b/src/requests/delete.cr
@ -1,7 +1,7 @@
 class AuthD::Request
 	IPC::JSON.message Delete, 8 do
 		# Deletion can be triggered by either an admin or the related user.
-		property user : UserID | Nil = nil
+		property user : UserID? = nil

 		def initialize(@user = nil)
 		end
--- a/src/requests/moduser.cr
+++ b/src/requests/moduser.cr
@ -1,6 +1,6 @@
 class AuthD::Request
 	IPC::JSON.message ModUser, 6 do
-		property user       : UserID | Nil = nil
+		property user       : UserID? = nil
 		property admin      : Bool?   = nil
 		property password   : String? = nil
 		property email      : String? = nil
--- a/src/requests/permissions.cr
+++ b/src/requests/permissions.cr
@ -1,6 +1,6 @@
 class AuthD::Request
 	IPC::JSON.message CheckPermission, 10 do
-		property user       : UserID
+		property user       : UserID? = nil
 		property service    : String
 		property resource   : String

@ -10,9 +10,13 @@ class AuthD::Request
 		def handle(authd : AuthD::Service, fd : Int32)
 			logged_user = authd.get_logged_user_full? fd
 			return Response::Error.new "you must be logged" if logged_user.nil?
-			logged_user.assert_permission("authd", "*", User::PermissionLevel::Admin)

-			user = authd.user? @user
+			user = if u = @user
+				logged_user.assert_permission("authd", "*", User::PermissionLevel::Read)
+				authd.user? u
+			else
+				logged_user
+			end
 			return Response::Error.new "no such user" if user.nil?

 			service_permissions = user.permissions[@service]?
@ -43,7 +47,11 @@ class AuthD::Request
 			return Response::Error.new "you must be logged" if logged_user.nil?
 			logged_user.assert_permission("authd", "*", User::PermissionLevel::Admin)

-			user = authd.user? @user
+			user = if u = @user
+				authd.user? u
+			else
+				logged_user
+			end
 			return Response::Error.new "no such user" if user.nil?

 			service_permissions = user.permissions[@service]?
--- a/src/requests/profile.cr
+++ b/src/requests/profile.cr
@ -1,7 +1,7 @@
 class AuthD::Request
 	# Reset elements for which keys are present in `new_profile_entries`.
 	IPC::JSON.message EditProfileEntries, 7 do
-		property user : UserID | Nil = nil
+		property user : UserID? = nil

 		property new_profile_entries : Hash(String, JSON::Any)