
Better way of determining privileges

master
Jared il y a 1 an
Parent
révision
2d8b43fb5b
9 fichiers modifiés avec 145 ajouts et 78 suppressions
  1. +10
    -4
      endpoints/closerewardfund.go
  2. +19
    -15
      endpoints/createqueue.go
  3. +23
    -18
      endpoints/createrewardfund.go
  4. +15
    -0
      endpoints/editqueue.go
  5. +20
    -16
      endpoints/escalateprivileges.go
  6. +16
    -0
      endpoints/getqueuemembers.go
  7. +5
    -1
      endpoints/getusers.go
  8. +22
    -24
      endpoints/register.go
  9. +15
    -0
      endpoints/submitfund.go

+ 10
- 4
endpoints/closerewardfund.go Voir le fichier

@@ -29,14 +29,20 @@ func CloseRewardFund(w http.ResponseWriter, r *http.Request) {
return
}

if claims == nil {
w.WriteHeader(401)
return
}
if claims.Privileges > AdminPlus {
w.WriteHeader(403)
return
}

var fund RewardFund
var modified int64
if claims != nil && claims.Privileges <= AdminPlus && req.Close {
if req.Close {
Db.Table("reward_funds").Find(&fund, req.ID)
modified = Db.Delete(&fund).RowsAffected
} else {
w.WriteHeader(403)
return
}

var resp SuccessResponse
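Review bot: The result of `Db.Table("reward_funds").Find(&fund, req.ID)` is never inspected before `Db.Delete(&fund)`, so when no fund matches `req.ID` the delete runs on a struct whose primary key is still zero; depending on the GORM version that either fails with a missing-WHERE error or, per the older GORM v1 documentation, deletes every row of the table. Guard it with `if fund.ID == 0 { w.WriteHeader(404); return }` (or check the Find's `Error`) before deleting, and treat a non-nil `Error` on the Delete as a 500 instead of reporting it only through `modified`. The 401/403 pair at the top of this hunk is repeated verbatim in createqueue, createrewardfund, editqueue, escalateprivileges, getqueuemembers, getusers, register and submitfund; a small helper such as `requirePrivileges(w, r, AdminPlus) (*auth.Claims, bool)` would keep each endpoint's required level in one place and make the authentication-versus-authorization split harder to get wrong. CloseRewardFund's body continues outside the hunk.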


+ 19
- 15
endpoints/createqueue.go Voir le fichier

@@ -32,25 +32,29 @@ func CreateQueue(w http.ResponseWriter, r *http.Request) {
return
}

if claims == nil {
w.WriteHeader(401)
return
}
if claims.Privileges > Admin {
w.WriteHeader(403)
return
}

var resp CreateQueueResponse
if claims != nil && claims.Privileges <= Admin {
var specificQueue Queue
Db.Table("queues").First(&specificQueue, "name = ?", req.Name)
var specificQueue Queue
Db.Table("queues").First(&specificQueue, "name = ?", req.Name)

if specificQueue.ID != 0 {
resp.ID = specificQueue.ID
} else {
queue := Queue{
Name: req.Name,
}
if specificQueue.ID != 0 {
resp.ID = specificQueue.ID
} else {
queue := Queue{
Name: req.Name,
}

Db.Create(&queue)
Db.Create(&queue)

resp.ID = queue.ID
}
} else {
w.WriteHeader(403)
return
resp.ID = queue.ID
}

err = json.NewEncoder(w).Encode(resp)
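Review bot: The lookup-then-create at `First(&specificQueue, "name = ?", req.Name)` followed by `Db.Create(&queue)` is not atomic, so two concurrent requests with the same name can both miss the lookup and both insert, unless the `name` column carries a unique index (not visible here). If it does, the `Create` error should be checked and the existing row returned on conflict instead of being ignored; if it does not, adding the unique index is the simplest fix. Neither `First` nor `Create` has its `Error` inspected, so a database failure still answers with `resp.ID == 0` and status 200; `if err := Db.Create(&queue).Error; err != nil { w.WriteHeader(500); return }` would surface it. CreateQueue's body continues outside the hunk.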


+ 23
- 18
endpoints/createrewardfund.go Voir le fichier

@@ -85,26 +85,31 @@ func CreateRewardFund(resp http.ResponseWriter, req *http.Request) {
return
}

if claims != nil && claims.Privileges <= Admin {
Db.Create(&rewardFund)
Db.Create(&joinRecord)
if claims == nil {
resp.WriteHeader(401)
return
}
if claims.Privileges > Admin {
resp.WriteHeader(403)
return
}

for _, cancel := range cancellations {
cancel()
}
go InitializeContributionStreams()
Db.Create(&rewardFund)
Db.Create(&joinRecord)

for _, bonus := range fund.Bonuses {
bonus.RewardFundID = rewardFund.ID
bonuses = append(bonuses, bonus)
}
Db.Create(&bonuses)
for _, cancel := range cancellations {
cancel()
}
go InitializeContributionStreams()

err = json.NewEncoder(resp).Encode(&SuccessResponse{Success: true})
if err != nil {
log.Error().Err(err).Msg("Could not create response for created reward fund")
}
} else {
resp.WriteHeader(403)
for _, bonus := range fund.Bonuses {
bonus.RewardFundID = rewardFund.ID
bonuses = append(bonuses, bonus)
}
Db.Create(&bonuses)

err = json.NewEncoder(resp).Encode(&SuccessResponse{Success: true})
if err != nil {
log.Error().Err(err).Msg("Could not create response for created reward fund")
}
}
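Review bot: All three inserts (`Db.Create(&rewardFund)`, `Db.Create(&joinRecord)`, `Db.Create(&bonuses)`) run without checking `.Error`, and the handler then encodes `SuccessResponse{Success: true}` regardless, so a failed insert is reported as success and a fund can be left without its join record or bonuses. Running them inside one `Db.Transaction(...)` and answering 500 when it returns an error would make the write all-or-nothing. The contribution streams are restarted via `go InitializeContributionStreams()` before the bonuses are inserted; if those streams read bonuses at startup (not visible here) the restart belongs after `Db.Create(&bonuses)`. `Db.Create(&bonuses)` with an empty `fund.Bonuses` may itself return an error on GORM v2 (`gorm.ErrEmptySlice`), so skip it when `len(bonuses) == 0`. CreateRewardFund's body starts outside the hunk.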

+ 15
- 0
endpoints/editqueue.go Voir le fichier

@@ -4,6 +4,7 @@ import (
"encoding/json"
"net/http"

"github.com/imosed/signet/auth"
. "github.com/imosed/signet/data"
"github.com/rs/zerolog/log"
)
@@ -27,6 +28,20 @@ func EditQueue(w http.ResponseWriter, r *http.Request) {
return
}

var claims *auth.Claims
claims, err = auth.GetUserClaims(r)
if err != nil {
log.Error().Err(err).Msg("Could not get user claims in call to EditQueue")
}
if claims == nil {
w.WriteHeader(401)
return
}
if claims.Privileges > Admin {
w.WriteHeader(403)
return
}

var resp SuccessResponse
for _, qo := range req.FundOrders {
Db.Table("queue_orders").
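Review bot: An error from `auth.GetUserClaims(r)` is only logged, and the request proceeds whenever `claims` is non-nil, so if that function can return parsed claims together with an error (an expired or badly signed token, say — its contract is not visible here) the 401 branch is skipped; `if err != nil || claims == nil { w.WriteHeader(401); return }` closes that gap. The same pattern is introduced in getqueuemembers and submitfund, while escalateprivileges (`claims, err = auth.GetUserClaims(r)`) and getusers (`claims, err := auth.GetUserClaims(r)`) do not inspect the error at all before the guard. EditQueue's body continues outside the hunk.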


+ 20
- 16
endpoints/escalateprivileges.go Voir le fichier

@@ -28,26 +28,30 @@ func ChangePrivileges(w http.ResponseWriter, r *http.Request) {
var claims *auth.Claims
claims, err = auth.GetUserClaims(r)

if claims != nil && claims.Privileges <= AdminPlus {
Db.Table("users").Where("id = ?", req.UserID).Find(&user)
if req.Privileges == SuperUser {
resp.Success = false

err = json.NewEncoder(w).Encode(resp)
if err != nil {
log.Error().Err(err).Msg("Could not deliver failed escalate privileges response")
}
return
}

user.Privileges = req.Privileges
Db.Save(user)
resp.Success = true
} else {
if claims == nil {
w.WriteHeader(401)
return
}
if claims.Privileges > AdminPlus {
w.WriteHeader(403)
return
}

Db.Table("users").Where("id = ?", req.UserID).Find(&user)
if req.Privileges == SuperUser {
resp.Success = false

err = json.NewEncoder(w).Encode(resp)
if err != nil {
log.Error().Err(err).Msg("Could not deliver failed escalate privileges response")
}
return
}

user.Privileges = req.Privileges
Db.Save(user)
resp.Success = true

err = json.NewEncoder(w).Encode(resp)
if err != nil {
log.Error().Err(err).Msg("Could not deliver successful escalate privileges response")
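Review bot: The guard only checks the caller's level and the requested level (`req.Privileges == SuperUser`); nothing compares the target user's current `user.Privileges` with `claims.Privileges`, so an AdminPlus caller can change a SuperUser's level or raise any account to AdminPlus. Rejecting requests where `user.Privileges <= claims.Privileges` or `req.Privileges <= claims.Privileges` (lower values being more privileged, as the `>` comparisons in this commit imply) and where the target is the caller's own account would enforce the usual "no changes at or above your own level" rule; whether peers may be created is a policy choice, but it should be explicit. `Db.Table("users").Where(...).Find(&user)` is also not checked, so an unknown `req.UserID` leaves `user` zero-valued and `Db.Save(user)` then inserts a fresh row (or fails, depending on the GORM version) instead of returning 404 — test `user.ID == 0` before saving. Finally, if the privileges type is signed, `== SuperUser` should become `<= SuperUser` (or a membership check against the known levels) so that out-of-range values are rejected too. ChangePrivileges's body continues outside the hunk.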


+ 16
- 0
endpoints/getqueuemembers.go Voir le fichier

@@ -4,6 +4,7 @@ import (
"encoding/json"
"net/http"

"github.com/imosed/signet/auth"
. "github.com/imosed/signet/data"
"github.com/rs/zerolog/log"
)
@@ -30,6 +31,21 @@ func GetQueueMembers(w http.ResponseWriter, r *http.Request) {
return
}

var claims *auth.Claims
claims, err = auth.GetUserClaims(r)
if err != nil {
log.Error().Err(err).Msg("Could not get user claims in request to GetQueueMembers")
}

if claims == nil {
w.WriteHeader(401)
return
}
if claims.Privileges > Admin {
w.WriteHeader(403)
return
}

var members []QueueMember
Db.Table("queue_orders qo").Select("rf.id, asset, qo.order").
Where("queue_id = ?", req.ID).


+ 5
- 1
endpoints/getusers.go Voir le fichier

@@ -15,7 +15,11 @@ type GetUsersResponse struct {
func GetUsers(w http.ResponseWriter, r *http.Request) {
claims, err := auth.GetUserClaims(r)

if claims == nil || (claims != nil && claims.Privileges > AdminPlus) {
if claims == nil {
w.WriteHeader(401)
return
}
if claims.Privileges > AdminPlus {
w.WriteHeader(403)
return
}


+ 22
- 24
endpoints/register.go Voir le fichier

@@ -150,33 +150,31 @@ func Register(w http.ResponseWriter, r *http.Request) {
return
}

if claims == nil {
return
}

if noUsersRegistered() || (claims != nil && claims.Privileges <= AdminPlus) {
hash, err := GetHashedPassword(req.Password)
if err != nil {
log.Error().Err(err).Msg("Could not generate hash for registration")
if !noUsersRegistered() {
if claims == nil {
w.WriteHeader(401)
return
}
if claims.Privileges > AdminPlus {
w.WriteHeader(403)
return
}
}

hash, err := GetHashedPassword(req.Password)
if err != nil {
log.Error().Err(err).Msg("Could not generate hash for registration")
return
}

Db.Create(&User{
Username: req.Username,
Password: hash,
Privileges: determinePrivileges(),
})
Db.Create(&User{
Username: req.Username,
Password: hash,
Privileges: determinePrivileges(),
})

err = json.NewEncoder(w).Encode(SuccessResponse{Success: true})
if err != nil {
log.Error().Err(err).Msg("Could not deliver successful account creation response")
}
} else if !noUsersRegistered() {
err = json.NewEncoder(w).Encode(SuccessResponse{Success: false})
if err != nil {
log.Error().Err(err).Msg("Could not deliver unsuccessful account creation response")
}
} else if claims != nil && claims.Privileges > SuperUser {
w.WriteHeader(403)
err = json.NewEncoder(w).Encode(SuccessResponse{Success: true})
if err != nil {
log.Error().Err(err).Msg("Could not deliver successful account creation response")
}
}
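Review bot: The unauthenticated bootstrap path is a check-then-act: `noUsersRegistered()` is evaluated first and `Db.Create(&User{...})` only later, so two requests arriving while the table is empty both skip the 401/403 guard and both receive whatever `determinePrivileges()` assigns to a first account (its body is not visible here). Serializing registration — a `sync.Mutex` held across the check and the insert, or a serializable transaction — would guarantee a single bootstrap account. `Db.Create` is also not checked, so a duplicate username or any other insert failure is still answered with `Success: true`; `if err := Db.Create(&u).Error; err != nil { w.WriteHeader(500); return }` would fix that. Register's body starts outside the hunk.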

+ 15
- 0
endpoints/submitfund.go Voir le fichier

@@ -4,6 +4,7 @@ import (
"encoding/json"
"net/http"

"github.com/imosed/signet/auth"
"github.com/imosed/signet/utils"
"github.com/rs/zerolog/log"
)
@@ -20,6 +21,20 @@ func SubmitFund(w http.ResponseWriter, r *http.Request) {
log.Error().Err(err).Msg("Could not decode body in SubmitFund call")
}

var claims *auth.Claims
claims, err = auth.GetUserClaims(r)
if err != nil {
log.Error().Err(err).Msg("Could not get user claims in call to SubmitFund")
}
if claims == nil {
w.WriteHeader(401)
return
}
if claims.Privileges > Admin {
w.WriteHeader(403)
return
}

var resp SuccessResponse
resp.Success = false
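Review bot: The new guard runs after the request body has already been decoded (the decode error is only logged at the top of the hunk), so an unauthenticated caller still gets its body parsed before the 401 is sent; moving the claims lookup and the two checks above the decode keeps the work done for anonymous requests to a minimum. The decode failure should also end the request (`w.WriteHeader(400); return`) rather than continuing with a zero-valued `req`, although that line is context here rather than part of the change. The same ordering appears to apply in editqueue and getqueuemembers, where the guard is inserted after an earlier `return }` that presumably belongs to request decoding. SubmitFund's body continues outside the hunk.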


