Permission checking can be done by users.

rewrite
Luka Vandervelden 2020-10-09 15:51:36 +02:00
parent 0508c99b43
commit 851a3accfe
2 changed files with 34 additions and 3 deletions

View File

@ -275,7 +275,8 @@ class AuthD::Request
end
class CheckPermission < Request
property shared_key : String
property shared_key : String?
property token : String?
property user : Int32 | String
property service : String

View File

@ -286,11 +286,41 @@ class AuthD::Service
Response::UsersList.new @users.to_h.map &.[1].to_public
when Request::CheckPermission
unless request.shared_key == @jwt_key
authorized = false
if key = request.shared_key
if key == @jwt_key
authorized = true
else
return Response::Error.new "invalid key provided"
end
end
if token = request.token
user = get_user_from_token token
if user.nil?
return Response::Error.new "token does not match user"
end
pp! request.user, user.login, request.user == user.login
if user.login != request.user && user.uid != request.user
return Response::Error.new "token does not match user"
end
authorized = true
end
unless authorized
return Response::Error.new "unauthorized"
end
user = @users_per_uid.get? request.user.to_s
user = case u = request.user
when .is_a? Int32
@users_per_uid.get? u.to_s
else
@users_per_login.get? u
end
if user.nil?
return Response::Error.new "no such user"