class AuthD::Request
  # Admin-only query: reports the permission level a given user holds on
  # `resource` within `service`.
  #
  # The second macro argument (9) is presumably the IPC message type number.
  IPC::JSON.message CheckPermission, 9 do
    property user : UserID
    property service : String
    property resource : String

    def initialize(@user, @service, @resource)
    end

    # Answers with `Response::PermissionCheck`, or with `Response::Error` when
    # the caller is not logged in, is not an admin, or the target user does
    # not exist.
    def handle(authd : AuthD::Service, fd : Int32)
      # Authentication, then authorization, both before the target lookup:
      # "no such user" is therefore only ever disclosed to an admin session.
      requester = authd.get_logged_user? fd
      if requester.nil?
        return Response::Error.new "you must be logged"
      end
      unless requester.admin
        return Response::Error.new "unauthorized (not admin)"
      end

      target = authd.user? @user
      return Response::Error.new "no such user" if target.nil?

      # Default deny: an unknown service or an unknown resource both resolve
      # to PermissionLevel::None.
      level = target.permissions[@service]?.try { |grants| grants[@resource]? }
      level ||= User::PermissionLevel::None

      Response::PermissionCheck.new @service, @resource, target.uid, level
    end
  end
  AuthD.requests << CheckPermission

  # Admin-only mutation: sets (or clears) the permission level a given user
  # holds on `resource` within `service`.
  #
  # The second macro argument (10) is presumably the IPC message type number.
  IPC::JSON.message SetPermission, 10 do
    property user : UserID
    property service : String
    property resource : String
    property permission : ::AuthD::User::PermissionLevel

    def initialize(@user, @service, @resource, @permission)
    end

    # Answers with `Response::PermissionSet` once the user record has been
    # written back, or with `Response::Error` when the caller is not logged
    # in, is not an admin, or the target user does not exist.
    def handle(authd : AuthD::Service, fd : Int32)
      # Same gate as CheckPermission: session first, admin flag second, and
      # only then is the target user looked up.
      requester = authd.get_logged_user? fd
      if requester.nil?
        return Response::Error.new "you must be logged"
      end
      unless requester.admin
        return Response::Error.new "unauthorized (not admin)"
      end

      target = authd.user? @user
      return Response::Error.new "no such user" if target.nil?

      # Fetch the per-service table, creating and attaching it when absent.
      # NOTE(review): this also happens when @permission is None, so an empty
      # table can be left behind for the service. CheckPermission treats that
      # the same as a missing table; confirm other readers do too.
      # NOTE(review): @service and @resource come straight from the request
      # and are not validated in this handler.
      grants = (target.permissions[@service] ||= Hash(String, User::PermissionLevel).new)

      # None is represented by the absence of an entry, never stored.
      if @permission.none?
        grants.delete @resource
      else
        grants[@resource] = @permission
      end

      # Write the modified user back, keyed by the uid rendered as a string.
      # NOTE(review): no audit record of the change is written here; if none
      # is produced elsewhere, consider logging requester, target uid,
      # service, resource and the new level.
      authd.users_per_uid.update target.uid.to_s, target

      Response::PermissionSet.new target.uid, @service, @resource, @permission
    end
  end
  AuthD.requests << SetPermission
end