vikunja
/
web
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Refactored Rights interface to return errors

This commit is contained in:
konrad 2019-03-24 11:52:29 +01:00
parent 49b95473bb
commit 0933ac0823
Signed by: konrad
GPG Key ID: F40E70337AB24C9B
6 changed files with 36 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
Readme.md
View File

@ -40,7 +40,7 @@ other handler implementations, enabling a lot of flexibility while develeoping.
* [x] Improve docs/Merge with the ones of Vikunja
* [x] Description of web.HTTPError
* [ ] Rights methods should return errors (I know, this will break a lot of existing stuff)
* [x] Rights methods should return errors (I know, this will break a lot of existing stuff)
* [ ] optional Before- and after-{load|update|create} methods which do some preprocessing/after processing like making human-readable names from automatically up counting consts
* [ ] "Magic": Check if a passed struct implements Crudable methods and use a general (user defined) function if not
@ -85,18 +85,20 @@ way to do this, don't hesitate to [drop me a message](https://vikunja.io/en/cont
## Rights
This interface defines methods to check for rights on structs. They accept an `Auth`-element as parameter and return a `bool`.
This interface defines methods to check for rights on structs. They accept an `Auth`-element as parameter and return a `bool` and `error`.
The `error` is handled [as usual](#errors).
The interface is defined as followed:
```go
type Rights interface {
IsAdmin(Auth) bool
CanWrite(Auth) bool
CanRead(Auth) bool
CanDelete(Auth) bool
CanUpdate(Auth) bool
CanCreate(Auth) bool
IsAdmin(Auth) (bool, error)
CanWrite(Auth) (bool, error)
CanRead(Auth) (bool, error)
CanDelete(Auth) (bool, error)
CanUpdate(Auth) (bool, error)
CanCreate(Auth) (bool, error)
}
```

6
handler/create.go
View File

@ -42,7 +42,11 @@ func (c *WebHandler) CreateWeb(ctx echo.Context) error {
}
// Check rights
if !currentStruct.CanCreate(currentAuth) {
canRead, err := currentStruct.CanCreate(currentAuth)
if err != nil {
return HandleHTTPError(err, ctx)
}
if canRead {
config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
return echo.NewHTTPError(http.StatusForbidden)
}

6
handler/delete.go
View File

@ -40,7 +40,11 @@ func (c *WebHandler) DeleteWeb(ctx echo.Context) error {
if err != nil {
return echo.NewHTTPError(http.StatusInternalServerError)
}
if !currentStruct.CanDelete(currentAuth) {
canDelete, err := currentStruct.CanDelete(currentAuth)
if err != nil {
return HandleHTTPError(err, ctx)
}
if canDelete {
config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
return echo.NewHTTPError(http.StatusForbidden)
}

6
handler/read_one.go
View File

@ -42,7 +42,11 @@ func (c *WebHandler) ReadOneWeb(ctx echo.Context) error {
if err != nil {
return echo.NewHTTPError(http.StatusInternalServerError, "Could not determine the current user.")
}
if !currentStruct.CanRead(currentAuth) {
canRead, err := currentStruct.CanRead(currentAuth)
if err != nil {
return HandleHTTPError(err, ctx)
}
if canRead {
config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
return echo.NewHTTPError(http.StatusForbidden, "You don't have the right to see this")
}

6
handler/update.go
View File

@ -41,7 +41,11 @@ func (c *WebHandler) UpdateWeb(ctx echo.Context) error {
if err != nil {
return echo.NewHTTPError(http.StatusInternalServerError, "Could not determine the current user.")
}
if !currentStruct.CanUpdate(currentAuth) {
canUpdate, err := currentStruct.CanUpdate(currentAuth)
if err != nil {
return HandleHTTPError(err, ctx)
}
if canUpdate {
config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
return echo.NewHTTPError(http.StatusForbidden)
}

12
web.go
View File

@ -19,12 +19,12 @@ import "github.com/labstack/echo"
// Rights defines rights methods
type Rights interface {
IsAdmin(Auth) bool
CanWrite(Auth) bool
CanRead(Auth) bool
CanDelete(Auth) bool
CanUpdate(Auth) bool
CanCreate(Auth) bool
IsAdmin(Auth) (bool, error)
CanWrite(Auth) (bool, error)
CanRead(Auth) (bool, error)
CanDelete(Auth) (bool, error)
CanUpdate(Auth) (bool, error)
CanCreate(Auth) (bool, error)
}
// CRUDable defines the crud methods