mirror of
https://github.com/jech/galene.git
synced 2024-11-22 08:35:57 +01:00
Make GetPermission a method of Group.
This commit is contained in:
parent
0fe3ed2e15
commit
6bdcd504a7
2 changed files with 21 additions and 13 deletions
|
@ -563,7 +563,7 @@ func AddClient(group string, c Client, creds ClientCredentials) (*Group, error)
|
||||||
clients := g.getClientsUnlocked(nil)
|
clients := g.getClientsUnlocked(nil)
|
||||||
|
|
||||||
if !member("system", c.Permissions()) {
|
if !member("system", c.Permissions()) {
|
||||||
username, perms, err := g.description.GetPermission(group, creds)
|
username, perms, err := g.getPermission(creds)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -815,7 +815,7 @@ func (g *Group) GetChatHistory() []ChatHistoryEntry {
|
||||||
return h
|
return h
|
||||||
}
|
}
|
||||||
|
|
||||||
func matchClient(group string, creds ClientCredentials, users []ClientPattern) (bool, bool) {
|
func matchClient(creds ClientCredentials, users []ClientPattern) (bool, bool) {
|
||||||
matched := false
|
matched := false
|
||||||
for _, u := range users {
|
for _, u := range users {
|
||||||
if u.Username == creds.Username {
|
if u.Username == creds.Username {
|
||||||
|
@ -1103,12 +1103,14 @@ func readDescription(name string) (*Description, error) {
|
||||||
return &desc, nil
|
return &desc, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (desc *Description) GetPermission(group string, creds ClientCredentials) (string, []string, error) {
|
// called locked
|
||||||
|
func (g *Group) getPermission(creds ClientCredentials) (string, []string, error) {
|
||||||
|
desc := g.description
|
||||||
if creds.Token == "" {
|
if creds.Token == "" {
|
||||||
if !desc.AllowAnonymous && creds.Username == "" {
|
if !desc.AllowAnonymous && creds.Username == "" {
|
||||||
return "", nil, ErrAnonymousNotAuthorised
|
return "", nil, ErrAnonymousNotAuthorised
|
||||||
}
|
}
|
||||||
if found, good := matchClient(group, creds, desc.Op); found {
|
if found, good := matchClient(creds, desc.Op); found {
|
||||||
if good {
|
if good {
|
||||||
var p []string
|
var p []string
|
||||||
p = []string{"op", "present"}
|
p = []string{"op", "present"}
|
||||||
|
@ -1119,13 +1121,13 @@ func (desc *Description) GetPermission(group string, creds ClientCredentials) (s
|
||||||
}
|
}
|
||||||
return "", nil, ErrNotAuthorised
|
return "", nil, ErrNotAuthorised
|
||||||
}
|
}
|
||||||
if found, good := matchClient(group, creds, desc.Presenter); found {
|
if found, good := matchClient(creds, desc.Presenter); found {
|
||||||
if good {
|
if good {
|
||||||
return creds.Username, []string{"present"}, nil
|
return creds.Username, []string{"present"}, nil
|
||||||
}
|
}
|
||||||
return "", nil, ErrNotAuthorised
|
return "", nil, ErrNotAuthorised
|
||||||
}
|
}
|
||||||
if found, good := matchClient(group, creds, desc.Other); found {
|
if found, good := matchClient(creds, desc.Other); found {
|
||||||
if good {
|
if good {
|
||||||
return creds.Username, nil, nil
|
return creds.Username, nil, nil
|
||||||
}
|
}
|
||||||
|
@ -1164,7 +1166,7 @@ func (desc *Description) GetPermission(group string, creds ClientCredentials) (s
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if url.Path == path.Join("/group", group)+"/" {
|
if url.Path == path.Join("/group", g.name)+"/" {
|
||||||
ok = true
|
ok = true
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
|
@ -1175,6 +1177,12 @@ func (desc *Description) GetPermission(group string, creds ClientCredentials) (s
|
||||||
return sub, perms, nil
|
return sub, perms, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (g *Group) GetPermission(creds ClientCredentials) (string, []string, error) {
|
||||||
|
g.mu.Lock()
|
||||||
|
defer g.mu.Unlock()
|
||||||
|
return g.getPermission(creds)
|
||||||
|
}
|
||||||
|
|
||||||
type Status struct {
|
type Status struct {
|
||||||
Name string `json:"name"`
|
Name string `json:"name"`
|
||||||
Location string `json:"location"`
|
Location string `json:"location"`
|
||||||
|
|
|
@ -591,17 +591,17 @@ func handleGroupAction(w http.ResponseWriter, r *http.Request, group string) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func checkGroupPermissions(w http.ResponseWriter, r *http.Request, groupname string) bool {
|
func checkGroupPermissions(w http.ResponseWriter, r *http.Request, groupname string) bool {
|
||||||
desc, err := group.GetDescription(groupname)
|
|
||||||
if err != nil {
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
user, pass, ok := r.BasicAuth()
|
user, pass, ok := r.BasicAuth()
|
||||||
if !ok {
|
if !ok {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
_, p, err := desc.GetPermission(groupname,
|
g := group.Get(groupname)
|
||||||
|
if g == nil {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
_, p, err := g.GetPermission(
|
||||||
group.ClientCredentials{
|
group.ClientCredentials{
|
||||||
Username: user,
|
Username: user,
|
||||||
Password: pass,
|
Password: pass,
|
||||||
|
|
Loading…
Reference in a new issue