103 lines
2.5 KiB
Crystal
103 lines
2.5 KiB
Crystal
require "json"
|
|
require "uuid"
|
|
|
|
class AuthD::User
|
|
include JSON::Serializable
|
|
|
|
def_clone
|
|
|
|
enum PermissionLevel
|
|
None
|
|
Read
|
|
Edit
|
|
Admin
|
|
|
|
def to_json(o)
|
|
to_s.downcase.to_json o
|
|
end
|
|
end
|
|
|
|
class Contact
|
|
include JSON::Serializable
|
|
|
|
def_clone
|
|
|
|
# the activation key is removed once the user is validated
|
|
property activation_key : String? = nil
|
|
property email : String?
|
|
|
|
# Not yet validated email address: useful to keep a the previous validated email address
|
|
# until the new address is validated.
|
|
property pending_email : String? = nil
|
|
|
|
def initialize(@email = nil)
|
|
end
|
|
|
|
def new_activation_key
|
|
@activation_key = UUID.random.to_s
|
|
end
|
|
end
|
|
|
|
# Public.
|
|
property login : String
|
|
property uid : UInt32
|
|
property admin : Bool = false
|
|
property profile : Hash(String, JSON::Any)?
|
|
|
|
# Private.
|
|
property contact : Contact
|
|
property password_hash_brkn : String? = nil # Old, broken algorithm.
|
|
property password_hash : String
|
|
property password_renew_key : String?
|
|
# service => resource => permission level
|
|
property permissions : Hash(String, Hash(String, PermissionLevel))
|
|
property configuration : Hash(String, Hash(String, JSON::Any))
|
|
property date_last_connection : Time? = nil
|
|
property date_registration : Time? = nil
|
|
|
|
def to_token
|
|
Token.new @login, @uid
|
|
end
|
|
|
|
def initialize(@uid, @login, @password_hash, @admin = false)
|
|
@contact = Contact.new
|
|
@permissions = Hash(String, Hash(String, PermissionLevel)).new
|
|
@configuration = Hash(String, Hash(String, JSON::Any)).new
|
|
end
|
|
|
|
class Public
|
|
include JSON::Serializable
|
|
|
|
property login : String
|
|
property uid : UInt32
|
|
property admin : Bool = false
|
|
property profile : Hash(String, JSON::Any)?
|
|
|
|
property date_registration : Time?
|
|
|
|
def initialize(@uid, @login, @admin, @profile, @date_registration)
|
|
end
|
|
end
|
|
|
|
def to_public : Public
|
|
Public.new @uid, @login, @admin, @profile, @date_registration
|
|
end
|
|
|
|
def assert_permission(service : String, resource : String, level : User::PermissionLevel)
|
|
return if @admin # skip if admin
|
|
|
|
permissions = @permissions[service]?
|
|
unless permissions
|
|
raise AdminAuthorizationException.new "unauthorized (not admin nor in #{service} group)"
|
|
end
|
|
|
|
rights = permissions[resource]?
|
|
unless rights
|
|
raise AdminAuthorizationException.new "unauthorized (no rights on '#{service}/#{resource}')"
|
|
end
|
|
|
|
if rights < level
|
|
raise AdminAuthorizationException.new "unauthorized (insufficient rights on '#{service}/#{resource}')"
|
|
end
|
|
end
|
|
end
|