package guard
import (
"voltaserve/cache"
"voltaserve/errorpkg"
"voltaserve/model"
"github.com/gofiber/fiber/v2/log"
)
// OrganizationGuard answers authorization questions about organizations:
// whether a given user holds a given permission on a given organization.
type OrganizationGuard struct {
	// groupCache resolves the group IDs found in an organization's group
	// permissions to group records, whose member lists are then checked.
	groupCache *cache.GroupCache
}
// NewOrganizationGuard builds an OrganizationGuard backed by a freshly
// constructed group cache.
func NewOrganizationGuard() *OrganizationGuard {
	guard := new(OrganizationGuard)
	guard.groupCache = cache.NewGroupCache()
	return guard
}
// IsAuthorized reports whether user holds permission on org, either through
// a permission granted directly to the user or through membership of a group
// that has been granted one.
//
// A grant counts when model.IsEquivalentPermission accepts the granted value
// for the requested permission; the exact equivalence rules live in package
// model.
//
// Security note: the group check fails closed. If any group referenced by
// org's group permissions cannot be loaded from the group cache, the error is
// logged and the function returns false immediately, without evaluating the
// remaining group permissions. A single failing lookup therefore denies
// access even if a later group would have granted it.
func (g *OrganizationGuard) IsAuthorized(user model.User, org model.Organization, permission string) bool {
	// Direct grants: permissions attached to this user on the organization.
	for _, userPerm := range org.GetUserPermissions() {
		if userPerm.GetUserID() != user.GetID() {
			continue
		}
		if model.IsEquivalentPermission(userPerm.GetValue(), permission) {
			return true
		}
	}

	// Indirect grants: permissions attached to groups the user belongs to.
	for _, groupPerm := range org.GetGroupPermissions() {
		// Use a distinct local name so the receiver g is not shadowed.
		group, err := g.groupCache.Get(groupPerm.GetGroupID())
		if err != nil {
			// Deny rather than guess when membership cannot be resolved.
			log.Error(err)
			return false
		}
		for _, memberID := range group.GetUsers() {
			if memberID != user.GetID() {
				continue
			}
			if model.IsEquivalentPermission(groupPerm.GetValue(), permission) {
				return true
			}
		}
	}

	// No matching grant found: default deny.
	return false
}
// Authorize returns nil when user holds permission on org and an error
// otherwise.
//
// The error returned on denial depends on whether the user holds at least
// model.PermissionViewer on org:
//   - with viewer access, the organization permission error is returned;
//   - without it, a not-found error wrapping that permission error is
//     returned instead.
//
// NOTE(review): presumably the not-found branch keeps users with no access
// from learning that the organization exists. Confirm that
// errorpkg.NewOrganizationNotFoundError does not expose the wrapped
// permission error in the client-facing response.
//
// IsAuthorized is evaluated a second time on the denial path, so its group
// cache lookups may run twice for one call.
func (g *OrganizationGuard) Authorize(user model.User, org model.Organization, permission string) error {
	if g.IsAuthorized(user, org, permission) {
		return nil
	}

	permErr := errorpkg.NewOrganizationPermissionError(user, org, permission)
	if !g.IsAuthorized(user, org, model.PermissionViewer) {
		// The caller cannot even view the organization: answer "not found".
		return errorpkg.NewOrganizationNotFoundError(permErr)
	}
	return permErr
}