Refactored Rights interface to return errors

konrad 2019-03-24 11:52:29 +01:00
parent 49b95473bb
commit 0933ac0823
Signed by: konrad
GPG Key ID: F40E70337AB24C9B
6 changed files with 36 additions and 18 deletions


@ -40,7 +40,7 @@ other handler implementations, enabling a lot of flexibility while develeoping.
* [x] Improve docs/Merge with the ones of Vikunja * [x] Improve docs/Merge with the ones of Vikunja
* [x] Description of web.HTTPError * [x] Description of web.HTTPError
* [ ] Rights methods should return errors (I know, this will break a lot of existing stuff) * [x] Rights methods should return errors (I know, this will break a lot of existing stuff)
* [ ] optional Before- and after-{load|update|create} methods which do some preprocessing/after processing like making human-readable names from automatically up counting consts * [ ] optional Before- and after-{load|update|create} methods which do some preprocessing/after processing like making human-readable names from automatically up counting consts
* [ ] "Magic": Check if a passed struct implements Crudable methods and use a general (user defined) function if not * [ ] "Magic": Check if a passed struct implements Crudable methods and use a general (user defined) function if not
@ -85,18 +85,20 @@ way to do this, don't hesitate to [drop me a message](https://vikunja.io/en/cont
## Rights ## Rights
This interface defines methods to check for rights on structs. They accept an `Auth`-element as parameter and return a `bool`. This interface defines methods to check for rights on structs. They accept an `Auth`-element as parameter and return a `bool` and `error`.
The `error` is handled [as usual](#errors).
The interface is defined as followed: The interface is defined as followed:
```go ```go
type Rights interface { type Rights interface {
IsAdmin(Auth) bool IsAdmin(Auth) (bool, error)
CanWrite(Auth) bool CanWrite(Auth) (bool, error)
CanRead(Auth) bool CanRead(Auth) (bool, error)
CanDelete(Auth) bool CanDelete(Auth) (bool, error)
CanUpdate(Auth) bool CanUpdate(Auth) (bool, error)
CanCreate(Auth) bool CanCreate(Auth) (bool, error)
} }
``` ```


@ -42,7 +42,11 @@ func (c *WebHandler) CreateWeb(ctx echo.Context) error {
} }
// Check rights // Check rights
if !currentStruct.CanCreate(currentAuth) { canRead, err := currentStruct.CanCreate(currentAuth)
if err != nil {
return HandleHTTPError(err, ctx)
}
if canRead {
config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth) config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
return echo.NewHTTPError(http.StatusForbidden) return echo.NewHTTPError(http.StatusForbidden)
} }
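Review bot: The new condition `if canRead {` drops the negation that the old `if !currentStruct.CanCreate(currentAuth) {` had, so CreateWeb now returns 403 to callers who hold the right and lets callers without it continue past the check. It should read `if !canCreate {`, with the result variable renamed from `canRead`, since it holds the CanCreate result. The same inversion appears in the DeleteWeb (`if canDelete {`), ReadOneWeb (`if canRead {`) and UpdateWeb (`if canUpdate {`) hunks. A handler test using a struct whose rights method returns `false, nil` and expecting a 403 would catch this. CreateWeb's body starts and ends outside the hunk.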


@ -40,7 +40,11 @@ func (c *WebHandler) DeleteWeb(ctx echo.Context) error {
if err != nil { if err != nil {
return echo.NewHTTPError(http.StatusInternalServerError) return echo.NewHTTPError(http.StatusInternalServerError)
} }
if !currentStruct.CanDelete(currentAuth) { canDelete, err := currentStruct.CanDelete(currentAuth)
if err != nil {
return HandleHTTPError(err, ctx)
}
if canDelete {
config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth) config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
return echo.NewHTTPError(http.StatusForbidden) return echo.NewHTTPError(http.StatusForbidden)
} }
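Review bot: The denial log in DeleteWeb still says `Tried to create while not having the rights for it`, so a refused delete looks the same as a refused create in the logs; the ReadOneWeb and UpdateWeb hunks carry the same copied message. Name the real action in each handler, e.g. `"Tried to delete while not having the rights for it (User: %v)"`. The new `err != nil` branch returns through `HandleHTTPError` with no log line of its own, so a failing rights check may leave no trace unless HandleHTTPError logs, which is not visible here. DeleteWeb's body continues outside the hunk.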


@ -42,7 +42,11 @@ func (c *WebHandler) ReadOneWeb(ctx echo.Context) error {
if err != nil { if err != nil {
return echo.NewHTTPError(http.StatusInternalServerError, "Could not determine the current user.") return echo.NewHTTPError(http.StatusInternalServerError, "Could not determine the current user.")
} }
if !currentStruct.CanRead(currentAuth) { canRead, err := currentStruct.CanRead(currentAuth)
if err != nil {
return HandleHTTPError(err, ctx)
}
if canRead {
config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth) config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
return echo.NewHTTPError(http.StatusForbidden, "You don't have the right to see this") return echo.NewHTTPError(http.StatusForbidden, "You don't have the right to see this")
} }


@ -41,7 +41,11 @@ func (c *WebHandler) UpdateWeb(ctx echo.Context) error {
if err != nil { if err != nil {
return echo.NewHTTPError(http.StatusInternalServerError, "Could not determine the current user.") return echo.NewHTTPError(http.StatusInternalServerError, "Could not determine the current user.")
} }
if !currentStruct.CanUpdate(currentAuth) { canUpdate, err := currentStruct.CanUpdate(currentAuth)
if err != nil {
return HandleHTTPError(err, ctx)
}
if canUpdate {
config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth) config.LoggingProvider.Noticef("Tried to create while not having the rights for it (User: %v)", currentAuth)
return echo.NewHTTPError(http.StatusForbidden) return echo.NewHTTPError(http.StatusForbidden)
} }

12
web.go

@ -19,12 +19,12 @@ import "github.com/labstack/echo"
// Rights defines rights methods // Rights defines rights methods
type Rights interface { type Rights interface {
IsAdmin(Auth) bool IsAdmin(Auth) (bool, error)
CanWrite(Auth) bool CanWrite(Auth) (bool, error)
CanRead(Auth) bool CanRead(Auth) (bool, error)
CanDelete(Auth) bool CanDelete(Auth) (bool, error)
CanUpdate(Auth) bool CanUpdate(Auth) (bool, error)
CanCreate(Auth) bool CanCreate(Auth) (bool, error)
} }
// CRUDable defines the crud methods // CRUDable defines the crud methods