all

2024-04-21 14:42:52 +02:00
parent 4b69674ede
commit 8a25f53c99
10700 changed files with 55767 additions and 14201 deletions
--- a/Downloads/Voltaserve/api/guard/file_guard.go
+++ b/Downloads/Voltaserve/api/guard/file_guard.go
@ -0,0 +1,52 @@
+package guard
+
+import (
+	"voltaserve/cache"
+	"voltaserve/errorpkg"
+	"voltaserve/model"
+
+	"github.com/gofiber/fiber/v2/log"
+)
+
+type FileGuard struct {
+	groupCache *cache.GroupCache
+}
+
+func NewFileGuard() *FileGuard {
+	return &FileGuard{
+		groupCache: cache.NewGroupCache(),
+	}
+}
+
+func (g *FileGuard) IsAuthorized(user model.User, file model.File, permission string) bool {
+	for _, p := range file.GetUserPermissions() {
+		if p.GetUserID() == user.GetID() && model.IsEquivalentPermission(p.GetValue(), permission) {
+			return true
+		}
+	}
+	for _, p := range file.GetGroupPermissions() {
+		g, err := g.groupCache.Get(p.GetGroupID())
+		if err != nil {
+			log.Error(err)
+			return false
+		}
+		for _, u := range g.GetUsers() {
+			if u == user.GetID() && model.IsEquivalentPermission(p.GetValue(), permission) {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+func (g *FileGuard) Authorize(user model.User, file model.File, permission string) error {
+	if !g.IsAuthorized(user, file, permission) {
+		err := errorpkg.NewFilePermissionError(user, file, permission)
+		if g.IsAuthorized(user, file, model.PermissionViewer) {
+			return err
+		} else {
+			return errorpkg.NewOrganizationNotFoundError(err)
+		}
+	}
+	return nil
+}
--- a/Downloads/Voltaserve/api/guard/group_guard.go
+++ b/Downloads/Voltaserve/api/guard/group_guard.go
@ -0,0 +1,52 @@
+package guard
+
+import (
+	"voltaserve/cache"
+	"voltaserve/errorpkg"
+	"voltaserve/model"
+
+	"github.com/gofiber/fiber/v2/log"
+)
+
+type GroupGuard struct {
+	groupCache *cache.GroupCache
+}
+
+func NewGroupGuard() *GroupGuard {
+	return &GroupGuard{
+		groupCache: cache.NewGroupCache(),
+	}
+}
+
+func (g *GroupGuard) IsAuthorized(user model.User, group model.Group, permission string) bool {
+	for _, p := range group.GetUserPermissions() {
+		if p.GetUserID() == user.GetID() && model.IsEquivalentPermission(p.GetValue(), permission) {
+			return true
+		}
+	}
+	for _, p := range group.GetGroupPermissions() {
+		g, err := g.groupCache.Get(p.GetGroupID())
+		if err != nil {
+			log.Error(err)
+			return false
+		}
+		for _, u := range g.GetUsers() {
+			if u == user.GetID() && model.IsEquivalentPermission(p.GetValue(), permission) {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+func (g *GroupGuard) Authorize(user model.User, group model.Group, permission string) error {
+	if !g.IsAuthorized(user, group, permission) {
+		err := errorpkg.NewGroupPermissionError(user, group, permission)
+		if g.IsAuthorized(user, group, model.PermissionViewer) {
+			return err
+		} else {
+			return errorpkg.NewGroupNotFoundError(err)
+		}
+	}
+	return nil
+}
--- a/Downloads/Voltaserve/api/guard/organization_guard.go
+++ b/Downloads/Voltaserve/api/guard/organization_guard.go
@ -0,0 +1,52 @@
+package guard
+
+import (
+	"voltaserve/cache"
+	"voltaserve/errorpkg"
+	"voltaserve/model"
+
+	"github.com/gofiber/fiber/v2/log"
+)
+
+type OrganizationGuard struct {
+	groupCache *cache.GroupCache
+}
+
+func NewOrganizationGuard() *OrganizationGuard {
+	return &OrganizationGuard{
+		groupCache: cache.NewGroupCache(),
+	}
+}
+
+func (g *OrganizationGuard) IsAuthorized(user model.User, org model.Organization, permission string) bool {
+	for _, p := range org.GetUserPermissions() {
+		if p.GetUserID() == user.GetID() && model.IsEquivalentPermission(p.GetValue(), permission) {
+			return true
+		}
+	}
+	for _, p := range org.GetGroupPermissions() {
+		g, err := g.groupCache.Get(p.GetGroupID())
+		if err != nil {
+			log.Error(err)
+			return false
+		}
+		for _, u := range g.GetUsers() {
+			if u == user.GetID() && model.IsEquivalentPermission(p.GetValue(), permission) {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+func (g *OrganizationGuard) Authorize(user model.User, org model.Organization, permission string) error {
+	if !g.IsAuthorized(user, org, permission) {
+		err := errorpkg.NewOrganizationPermissionError(user, org, permission)
+		if g.IsAuthorized(user, org, model.PermissionViewer) {
+			return err
+		} else {
+			return errorpkg.NewOrganizationNotFoundError(err)
+		}
+	}
+	return nil
+}
--- a/Downloads/Voltaserve/api/guard/workspace_guard.go
+++ b/Downloads/Voltaserve/api/guard/workspace_guard.go
@ -0,0 +1,52 @@
+package guard
+
+import (
+	"voltaserve/cache"
+	"voltaserve/errorpkg"
+	"voltaserve/model"
+
+	"github.com/gofiber/fiber/v2/log"
+)
+
+type WorkspaceGuard struct {
+	groupCache *cache.GroupCache
+}
+
+func NewWorkspaceGuard() *WorkspaceGuard {
+	return &WorkspaceGuard{
+		groupCache: cache.NewGroupCache(),
+	}
+}
+
+func (g *WorkspaceGuard) IsAuthorized(user model.User, workspace model.Workspace, permission string) bool {
+	for _, p := range workspace.GetUserPermissions() {
+		if p.GetUserID() == user.GetID() && model.IsEquivalentPermission(p.GetValue(), permission) {
+			return true
+		}
+	}
+	for _, p := range workspace.GetGroupPermissions() {
+		g, err := g.groupCache.Get(p.GetGroupID())
+		if err != nil {
+			log.Error(err)
+			return false
+		}
+		for _, u := range g.GetUsers() {
+			if u == user.GetID() && model.IsEquivalentPermission(p.GetValue(), permission) {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+func (g *WorkspaceGuard) Authorize(user model.User, workspace model.Workspace, permission string) error {
+	if !g.IsAuthorized(user, workspace, permission) {
+		err := errorpkg.NewWorkspacePermissionError(user, workspace, permission)
+		if g.IsAuthorized(user, workspace, model.PermissionViewer) {
+			return err
+		} else {
+			return errorpkg.NewWorkspaceNotFoundError(err)
+		}
+	}
+	return nil
+}