1
Fork 0
mirror of https://github.com/jech/galene.git synced 2024-11-22 16:45:58 +01:00

Make GetPermission a method of Group.

This commit is contained in:
Juliusz Chroboczek 2022-09-08 20:55:05 +02:00
parent 0fe3ed2e15
commit 6bdcd504a7
2 changed files with 21 additions and 13 deletions

View file

@ -563,7 +563,7 @@ func AddClient(group string, c Client, creds ClientCredentials) (*Group, error)
clients := g.getClientsUnlocked(nil) clients := g.getClientsUnlocked(nil)
if !member("system", c.Permissions()) { if !member("system", c.Permissions()) {
username, perms, err := g.description.GetPermission(group, creds) username, perms, err := g.getPermission(creds)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -815,7 +815,7 @@ func (g *Group) GetChatHistory() []ChatHistoryEntry {
return h return h
} }
func matchClient(group string, creds ClientCredentials, users []ClientPattern) (bool, bool) { func matchClient(creds ClientCredentials, users []ClientPattern) (bool, bool) {
matched := false matched := false
for _, u := range users { for _, u := range users {
if u.Username == creds.Username { if u.Username == creds.Username {
@ -1103,12 +1103,14 @@ func readDescription(name string) (*Description, error) {
return &desc, nil return &desc, nil
} }
func (desc *Description) GetPermission(group string, creds ClientCredentials) (string, []string, error) { // called locked
func (g *Group) getPermission(creds ClientCredentials) (string, []string, error) {
desc := g.description
if creds.Token == "" { if creds.Token == "" {
if !desc.AllowAnonymous && creds.Username == "" { if !desc.AllowAnonymous && creds.Username == "" {
return "", nil, ErrAnonymousNotAuthorised return "", nil, ErrAnonymousNotAuthorised
} }
if found, good := matchClient(group, creds, desc.Op); found { if found, good := matchClient(creds, desc.Op); found {
if good { if good {
var p []string var p []string
p = []string{"op", "present"} p = []string{"op", "present"}
@ -1119,13 +1121,13 @@ func (desc *Description) GetPermission(group string, creds ClientCredentials) (s
} }
return "", nil, ErrNotAuthorised return "", nil, ErrNotAuthorised
} }
if found, good := matchClient(group, creds, desc.Presenter); found { if found, good := matchClient(creds, desc.Presenter); found {
if good { if good {
return creds.Username, []string{"present"}, nil return creds.Username, []string{"present"}, nil
} }
return "", nil, ErrNotAuthorised return "", nil, ErrNotAuthorised
} }
if found, good := matchClient(group, creds, desc.Other); found { if found, good := matchClient(creds, desc.Other); found {
if good { if good {
return creds.Username, nil, nil return creds.Username, nil, nil
} }
@ -1164,7 +1166,7 @@ func (desc *Description) GetPermission(group string, creds ClientCredentials) (s
continue continue
} }
} }
if url.Path == path.Join("/group", group)+"/" { if url.Path == path.Join("/group", g.name)+"/" {
ok = true ok = true
break break
} }
@ -1175,6 +1177,12 @@ func (desc *Description) GetPermission(group string, creds ClientCredentials) (s
return sub, perms, nil return sub, perms, nil
} }
func (g *Group) GetPermission(creds ClientCredentials) (string, []string, error) {
g.mu.Lock()
defer g.mu.Unlock()
return g.getPermission(creds)
}
type Status struct { type Status struct {
Name string `json:"name"` Name string `json:"name"`
Location string `json:"location"` Location string `json:"location"`

View file

@ -591,17 +591,17 @@ func handleGroupAction(w http.ResponseWriter, r *http.Request, group string) {
} }
func checkGroupPermissions(w http.ResponseWriter, r *http.Request, groupname string) bool { func checkGroupPermissions(w http.ResponseWriter, r *http.Request, groupname string) bool {
desc, err := group.GetDescription(groupname)
if err != nil {
return false
}
user, pass, ok := r.BasicAuth() user, pass, ok := r.BasicAuth()
if !ok { if !ok {
return false return false
} }
_, p, err := desc.GetPermission(groupname, g := group.Get(groupname)
if g == nil {
return false
}
_, p, err := g.GetPermission(
group.ClientCredentials{ group.ClientCredentials{
Username: user, Username: user,
Password: pass, Password: pass,