From 3d8d74e8b70b810bd4348bf37a527b35dcfda671 Mon Sep 17 00:00:00 2001 From: Philippe Pittoli Date: Tue, 13 Jun 2023 01:32:54 +0200 Subject: [PATCH] Some inconsistencies have been dealt with. Authorization rules are documented. --- TODO.md | 23 +++++++++++++++++------ src/requests/list.cr | 8 +++++++- src/requests/search.cr | 8 ++++++-- 3 files changed, 30 insertions(+), 9 deletions(-) diff --git a/TODO.md b/TODO.md index a442f4c..32dc614 100644 --- a/TODO.md +++ b/TODO.md 
@@ -8,15 +8,26 @@ A combinaison of both is fine as long as the logic is comprehensively documented A simple error message is given instead of specific messages for each recurring error. In the same time, some exceptions (such as **AdminAuthenticationException**) are used a few times for the same kind of errors. -**Authorization rules** should be clear and documented. -Currently, some operations are restricted to an admin, defined explicitely by the user *admin* boolean. -These operations could be delegated to simple users with some specific fine-grained authorizations. - Requests work mostly on current user, but some take a *UserID* to identify another user. Requests should either always work on current user (which implies to create new requests working on another user) or always take an optional *UserID* parameter. -Some requests require to be authenticated without either accessing confidential data or modifying any entry in the database. -**Check for inconsistencies**. +### Authorization rules + +Logged users can: +- retrieve public data of any user **individually** +- change their own data: password, email address, profile entries (except the read-only ones) +- delete their account + +Admins with 'Read' permission on the '*' resource can: +- list users + +Admins with 'Edit' permission on the '*' resource can: +- change data of another user + +Admins with 'Admin' permission on the '*' resource (or the 'admin' boolean) can: +- change read-only profile entries and permissions +- delete a user +- uprank and downrank admins ### Structures, not classes diff --git a/src/requests/list.cr b/src/requests/list.cr index 8744e72..1f0538e 100644 --- a/src/requests/list.cr +++ b/src/requests/list.cr @@ -1,5 +1,10 @@ class AuthD::Request IPC::JSON.message ListUsers, 8 do + + # Since the list could be long, here is a way to get it at a reasonable pace. + property offset : Int32 = 0 + # By default, authd will send 10 users at a time. + def initialize() end 
@@ -10,7 +15,8 @@ class AuthD::Request # Test if the user is a moderator. logged_user.assert_permission("authd", "*", User::PermissionLevel::Read) - Response::UsersList.new authd.users.to_h.map &.[1].to_public + list = authd.users.to_h.map &.[1].to_public + Response::UsersList.new list[offset..offset+10] end end AuthD.requests << ListUsers diff --git a/src/requests/search.cr b/src/requests/search.cr index ebe06d5..16b5b17 100644 --- a/src/requests/search.cr +++ b/src/requests/search.cr @@ -2,7 +2,11 @@ class AuthD::Request IPC::JSON.message SearchUser, 13 do property user : String - def initialize(@user) + # Since the list could be long, here is a way to get it at a reasonable pace. + property offset : Int32 = 0 + # By default, authd will send 10 users at a time. + + def initialize(@user, @offset = 0) end def handle(authd : AuthD::Service, fd : Int32) @@ -31,7 +35,7 @@ class AuthD::Request end end - Response::MatchingUsers.new matching_users + Response::MatchingUsers.new matching_users[offset..offset+10] end end AuthD.requests << SearchUser
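Review bot: in the TODO.md hunk, the new "Authorization rules" section leaves two parallel ways of being a full admin ("'Admin' permission on the '*' resource" or "the 'admin' boolean") without saying which one is authoritative when they disagree, and it drops the earlier sentence that said the boolean should give way to fine-grained authorizations; either state that the boolean is a legacy shortcut slated for removal or define the precedence explicitly. Minor wording: "Logged users" should read "Logged-in users", and the list-users rule ("Admins with 'Read' permission on the '*' resource") should use the same vocabulary as the code comment in list.cr, which still calls that check a "moderator" test.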
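Review bot: in the first list.cr hunk (`@@ -1,5 +1,10 @@`), `property offset : Int32 = 0` is added but `def initialize() end` is left without a parameter, so a client that builds the request through the constructor cannot set an offset, whereas SearchUser in the same patch takes `@offset = 0`; make the two consistent, e.g. `def initialize(@offset = 0) end`. The comment "By default, authd will send 10 users at a time." also sits after the property it describes and documents a page size that nothing on the request can change, so either move it next to the slice or expose the page size as a property with an upper bound.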
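Review bot: in the second list.cr hunk (`@@ -10,7 +15,8 @@`), `list[offset..offset+10]` is an inclusive range, so it returns 11 users instead of the 10 the comment promises, and pages requested at offsets 0, 10, 20 overlap by one entry; use `list[offset, 10]` (start, count) or the exclusive form `list[offset...offset+10]`. `offset` is never validated: a negative value indexes from the end of the array in Crystal, an offset past `list.size` raises IndexError inside the request handler instead of yielding an empty page, and `offset + 10` raises OverflowError for values near `Int32::MAX`; reject `offset < 0` and return an empty list when `offset >= list.size` before slicing. Note also that `authd.users.to_h.map &.[1].to_public` still converts every user before slicing, so the pagination bounds the response size but not the work done per request.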
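Review bot: in the second search.cr hunk (`@@ -31,7 +35,7 @@`), `matching_users[offset..offset+10]` has the same inclusive-range problem as list.cr: 11 results per page and a one-entry overlap between consecutive pages, plus an IndexError for an `offset` beyond `matching_users.size` and negative offsets counting from the end. Use `matching_users[offset, 10]` after checking `offset >= 0`, and pull the literal `10` into a single named constant shared by ListUsers and SearchUser so the page size documented in both comments cannot drift between the two requests.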