Refactored Rights interface to return errors
parent
49b95473bb
commit
0933ac0823
18
Readme.md
18
Readme.md
|
@ -40,7 +40,7 @@ other handler implementations, enabling a lot of flexibility while develeoping.
|
||||||
|
|
||||||
* [x] Improve docs/Merge with the ones of Vikunja
|
* [x] Improve docs/Merge with the ones of Vikunja
|
||||||
* [x] Description of web.HTTPError
|
* [x] Description of web.HTTPError
|
||||||
* [ ] Rights methods should return errors (I know, this will break a lot of existing stuff)
|
* [x] Rights methods should return errors (I know, this will break a lot of existing stuff)
|
||||||
* [ ] optional Before- and after-{load|update|create} methods which do some preprocessing/after processing like making human-readable names from automatically up counting consts
|
* [ ] optional Before- and after-{load|update|create} methods which do some preprocessing/after processing like making human-readable names from automatically up counting consts
|
||||||
* [ ] "Magic": Check if a passed struct implements Crudable methods and use a general (user defined) function if not
|
* [ ] "Magic": Check if a passed struct implements Crudable methods and use a general (user defined) function if not
|
||||||
|
|
||||||
|
@ -85,18 +85,20 @@ way to do this, don't hesitate to [drop me a message](https://vikunja.io/en/cont
|
||||||
|
|
||||||
## Rights
|
## Rights
|
||||||
|
|
||||||
This interface defines methods to check for rights on structs. They accept an `Auth`-element as parameter and return a `bool`.
|
This interface defines methods to check for rights on structs. They accept an `Auth`-element as parameter and return a `bool` and `error`.
|
||||||
|
|
||||||
|
The `error` is handled [as usual](#errors).
|
||||||
|
|
||||||
The interface is defined as followed:
|
The interface is defined as followed:
|
||||||
|
|
||||||
```go
|
```go
|
||||||
type Rights interface {
|
type Rights interface {
|
||||||
IsAdmin(Auth) bool
|
IsAdmin(Auth) (bool, error)
|
||||||
CanWrite(Auth) bool
|
CanWrite(Auth) (bool, error)
|
||||||
CanRead(Auth) bool
|
CanRead(Auth) (bool, error)
|
||||||
CanDelete(Auth) bool
|
CanDelete(Auth) (bool, error)
|
||||||
CanUpdate(Auth) bool
|
CanUpdate(Auth) (bool, error)
|
||||||
CanCreate(Auth) bool
|
CanCreate(Auth) (bool, error)
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -42,7 +42,11 @@ func (c *WebHandler) CreateWeb(ctx echo.Context) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check rights
|
// Check rights
|
||||||
if !currentStruct.CanCreate(currentAuth) {
|
canRead, err := currentStruct.CanCreate(currentAuth)
|
||||||
|
if err != nil {
|
||||||
|
return HandleHTTPError(err, ctx)
|
||||||
|
}
|
||||||
|
if canRead {
|
||||||
config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
|
config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
|
||||||
return echo.NewHTTPError(http.StatusForbidden)
|
return echo.NewHTTPError(http.StatusForbidden)
|
||||||
}
|
}
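Review bot: The permission check is inverted in the new code: `if canRead {` now logs and returns 403 for callers whose `CanCreate` returned true, and lets callers without the right fall through to the create path, whereas the removed line was `if !currentStruct.CanCreate(currentAuth) {`. The result should be named for the right it holds and negated, `canCreate, err := currentStruct.CanCreate(currentAuth)` followed by `if !canCreate {`. The same inversion appears in the DeleteWeb (`if canDelete {`), ReadOneWeb (`if canRead {`) and UpdateWeb (`if canUpdate {`) hunks, and each needs the negation restored. A handler test that expects 403 from a denying Rights implementation and success from an allowing one would catch this. The handler bodies continue outside the hunks.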
|
||||||
|
|
|
@ -40,7 +40,11 @@ func (c *WebHandler) DeleteWeb(ctx echo.Context) error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return echo.NewHTTPError(http.StatusInternalServerError)
|
return echo.NewHTTPError(http.StatusInternalServerError)
|
||||||
}
|
}
|
||||||
if !currentStruct.CanDelete(currentAuth) {
|
canDelete, err := currentStruct.CanDelete(currentAuth)
|
||||||
|
if err != nil {
|
||||||
|
return HandleHTTPError(err, ctx)
|
||||||
|
}
|
||||||
|
if canDelete {
|
||||||
config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
|
config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
|
||||||
return echo.NewHTTPError(http.StatusForbidden)
|
return echo.NewHTTPError(http.StatusForbidden)
|
||||||
}
|
}
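Review bot: The denial log line kept in this hunk still reads `Tried to create while not having the rights for it` although the handler is DeleteWeb, so the log attributes denied deletes to create attempts; the same message is kept in the ReadOneWeb and UpdateWeb hunks. Suggest naming the action per handler, for example `"Tried to delete while not having the rights for it (User: %v)"`. The `%v` prints the whole `currentAuth` value; if that type carries more than an identifier (not visible here), logging only a user ID would be safer.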
|
||||||
|
|
|
@ -42,7 +42,11 @@ func (c *WebHandler) ReadOneWeb(ctx echo.Context) error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return echo.NewHTTPError(http.StatusInternalServerError, "Could not determine the current user.")
|
return echo.NewHTTPError(http.StatusInternalServerError, "Could not determine the current user.")
|
||||||
}
|
}
|
||||||
if !currentStruct.CanRead(currentAuth) {
|
canRead, err := currentStruct.CanRead(currentAuth)
|
||||||
|
if err != nil {
|
||||||
|
return HandleHTTPError(err, ctx)
|
||||||
|
}
|
||||||
|
if canRead {
|
||||||
config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
|
config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
|
||||||
return echo.NewHTTPError(http.StatusForbidden, "You don't have the right to see this")
|
return echo.NewHTTPError(http.StatusForbidden, "You don't have the right to see this")
|
||||||
}
|
}
|
||||||
|
|
|
@ -41,7 +41,11 @@ func (c *WebHandler) UpdateWeb(ctx echo.Context) error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return echo.NewHTTPError(http.StatusInternalServerError, "Could not determine the current user.")
|
return echo.NewHTTPError(http.StatusInternalServerError, "Could not determine the current user.")
|
||||||
}
|
}
|
||||||
if !currentStruct.CanUpdate(currentAuth) {
|
canUpdate, err := currentStruct.CanUpdate(currentAuth)
|
||||||
|
if err != nil {
|
||||||
|
return HandleHTTPError(err, ctx)
|
||||||
|
}
|
||||||
|
if canUpdate {
|
||||||
config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
|
config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
|
||||||
return echo.NewHTTPError(http.StatusForbidden)
|
return echo.NewHTTPError(http.StatusForbidden)
|
||||||
}
|
}
|
||||||
|
|
12
web.go
12
web.go
|
@ -19,12 +19,12 @@ import "github.com/labstack/echo"
|
||||||
|
|
||||||
// Rights defines rights methods
|
// Rights defines rights methods
|
||||||
type Rights interface {
|
type Rights interface {
|
||||||
IsAdmin(Auth) bool
|
IsAdmin(Auth) (bool, error)
|
||||||
CanWrite(Auth) bool
|
CanWrite(Auth) (bool, error)
|
||||||
CanRead(Auth) bool
|
CanRead(Auth) (bool, error)
|
||||||
CanDelete(Auth) bool
|
CanDelete(Auth) (bool, error)
|
||||||
CanUpdate(Auth) bool
|
CanUpdate(Auth) (bool, error)
|
||||||
CanCreate(Auth) bool
|
CanCreate(Auth) (bool, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
// CRUDable defines the crud methods
|
// CRUDable defines the crud methods
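Review bot: The doc comment `// Rights defines rights methods` does not say what callers must do with the new `error` result, although this is a breaking contract for every implementer. Suggest extending it to something like `// Rights defines rights methods. On a non-nil error the bool must be ignored and access denied.` so implementations and handlers agree on failing closed. The handlers in this commit already return on a non-nil error before looking at the bool, which matches that contract.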
|
||||||
|
|