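class AuthD::Request
  # Compares a client-supplied key against the configured secret without
  # short-circuiting on the first differing byte, so response latency does
  # not reveal how many leading bytes of a guessed key were right. A nil
  # configured key never matches (same outcome as the former `==`). The
  # length comparison is done up front; the secret's length is not treated
  # as sensitive here. Prefer the stdlib Crypto::Subtle.constant_time_compare
  # once the file requires "crypto/subtle".
  def self.secure_compare(provided : String, expected : String?) : Bool
    return false if expected.nil?
    a = provided.to_slice
    b = expected.to_slice
    return false unless a.size == b.size
    diff = 0_u8
    a.size.times { |i| diff |= a[i] ^ b[i] }
    diff == 0
  end

  # Resolves a request's user selector, which is either a uid (Int32) or a
  # login (String), against the authd stores. Returns nil when the user
  # does not exist. Shared by CheckPermission and SetPermission so both
  # accept the same selector forms.
  def self.find_user(authd : AuthD::Service, selector : Int32 | String)
    case selector
    when Int32
      authd.users_per_uid.get? selector.to_s
    when String
      authd.users_per_login.get? selector
    end
  end

  # Query the permission level a user holds on a resource of a service.
  # (9 is the message id handed to IPC::JSON.message — presumably the wire
  # type tag; see that macro.)
  IPC::JSON.message CheckPermission, 9 do
    # Service-wide secret; grants the check for any user when correct.
    property shared_key : String? = nil
    # User token; grants the check only for the token's own account.
    property token : String? = nil
    # Which user to check, by uid or by login.
    property user : Int32 | String
    property service : String
    property resource : String

    def initialize(@shared_key, @user, @service, @resource)
    end

    # Authorizes the request with the shared key and/or a token, then looks
    # the user up and answers with their PermissionLevel for the resource.
    # A credential that is present but wrong is an error; no credential at
    # all is "unauthorized".
    def handle(authd : AuthD::Service)
      authorized = false

      if key = @shared_key
        unless AuthD::Request.secure_compare key, authd.configuration.shared_key
          return Response::Error.new "invalid key provided"
        end
        authorized = true
      end

      if token = @token
        token_user = authd.get_user_from_token token
        if token_user.nil?
          return Response::Error.new "token does not match user"
        end
        # A token only authorizes checks on its own account: the selector
        # must name that user, by login or by uid.
        if token_user.login != @user && token_user.uid != @user
          return Response::Error.new "token does not match user"
        end
        authorized = true
      end

      return Response::Error.new "unauthorized" unless authorized

      user = AuthD::Request.find_user authd, @user
      return Response::Error.new "no such user" if user.nil?

      service = @service
      # A missing service or resource entry means "no permission", which is
      # reported as a normal PermissionCheck answer rather than an error.
      level = User::PermissionLevel::None
      if service_permissions = user.permissions[service]?
        if resource_permissions = service_permissions[@resource]?
          level = resource_permissions
        end
      end

      Response::PermissionCheck.new service, @resource, user.uid, level
    end
  end

  AuthD.requests << CheckPermission

  # Set (or clear) the permission level a user holds on a resource of a
  # service. Requires the shared key; tokens are not accepted here.
  # (10 is the message id handed to IPC::JSON.message, as above.)
  IPC::JSON.message SetPermission, 10 do
    property shared_key : String
    # Which user to update, by uid or by login.
    property user : Int32 | String
    property service : String
    property resource : String
    property permission : ::AuthD::User::PermissionLevel

    def initialize(@shared_key, @user, @service, @resource, @permission)
    end

    # Verifies the shared key, resolves the user, writes the new level into
    # the user's per-service permission map and persists the user record.
    def handle(authd : AuthD::Service)
      unless AuthD::Request.secure_compare @shared_key, authd.configuration.shared_key
        return Response::Error.new "unauthorized"
      end

      # The selector may be a login as well as a uid, exactly like
      # CheckPermission; a uid-only lookup would reject every login here.
      user = AuthD::Request.find_user authd, @user
      return Response::Error.new "no such user" if user.nil?

      service = @service
      service_permissions = user.permissions[service]?
      if service_permissions.nil?
        service_permissions = Hash(String, User::PermissionLevel).new
        user.permissions[service] = service_permissions
      end

      # "None" is represented by the absence of an entry, so clearing a
      # permission deletes the key rather than storing None.
      if @permission.none?
        service_permissions.delete @resource
      else
        service_permissions[@resource] = @permission
      end

      # The store is keyed by uid even when the request selected by login.
      authd.users_per_uid.update user.uid.to_s, user

      Response::PermissionSet.new user.uid, service, @resource, @permission
    end
  end

  AuthD.requests << SetPermission
end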