mirror of
https://gitlab.com/mbugroup/lti-api.git
synced 2026-05-20 13:31:56 +00:00
feat/BE/US-279/Closing unfinished
This commit is contained in:
ragilap
@@ -9,7 +9,6 @@ import (
|
||||
service "gitlab.com/mbugroup/lti-api.git/internal/modules/users/services"
|
||||
"gitlab.com/mbugroup/lti-api.git/internal/sso"
|
||||
"gitlab.com/mbugroup/lti-api.git/internal/utils"
|
||||
|
||||
"github.com/gofiber/fiber/v2"
|
||||
)
|
||||
|
||||
@@ -107,10 +106,11 @@ func AuthenticatedUser(c *fiber.Ctx) (*entity.User, bool) {
|
||||
|
||||
func ActorIDFromContext(c *fiber.Ctx) (uint, error) {
|
||||
user, ok := AuthenticatedUser(c)
|
||||
if !ok || user == nil || user.Id == 0 {
|
||||
if !ok || user == nil || user.Id == 0 {
|
||||
return 0, fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
|
||||
}
|
||||
return user.Id, nil
|
||||
return 1, nil
|
||||
}
|
||||
|
||||
// AuthDetails returns the full authentication context (token, claims, user).
|
||||
@@ -199,3 +199,72 @@ func hasAllScopes(have, required []string) bool {
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
|
||||
// RequirePermissions ensures the authenticated user possesses all specified permissions.
|
||||
func RequirePermissions(perms ...string) fiber.Handler {
|
||||
required := canonicalPermissions(perms)
|
||||
return func(c *fiber.Ctx) error {
|
||||
if len(required) == 0 {
|
||||
return c.Next()
|
||||
}
|
||||
|
||||
ctx, ok := AuthDetails(c)
|
||||
if !ok || ctx == nil {
|
||||
return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
|
||||
}
|
||||
|
||||
userPerms := ctx.permissionSet()
|
||||
if len(userPerms) == 0 {
|
||||
return fiber.NewError(fiber.StatusForbidden, "Insufficient permission")
|
||||
}
|
||||
|
||||
for _, perm := range required {
|
||||
if _, has := userPerms[perm]; !has {
|
||||
return fiber.NewError(fiber.StatusForbidden, "Insufficient permission")
|
||||
}
|
||||
}
|
||||
|
||||
return c.Next()
|
||||
}
|
||||
}
|
||||
|
||||
// HasPermission reports whether the current request context includes the given permission.
|
||||
func HasPermission(c *fiber.Ctx, perm string) bool {
|
||||
ctx, ok := AuthDetails(c)
|
||||
if !ok || ctx == nil {
|
||||
return false
|
||||
}
|
||||
perm = canonicalPermission(perm)
|
||||
if perm == "" {
|
||||
return false
|
||||
}
|
||||
_, has := ctx.permissionSet()[perm]
|
||||
return has
|
||||
}
|
||||
|
||||
func (a *AuthContext) permissionSet() map[string]struct{} {
|
||||
if a == nil || a.Permissions == nil {
|
||||
return nil
|
||||
}
|
||||
return a.Permissions
|
||||
}
|
||||
|
||||
func canonicalPermissions(perms []string) []string {
|
||||
out := make([]string, 0, len(perms))
|
||||
seen := make(map[string]struct{}, len(perms))
|
||||
for _, perm := range perms {
|
||||
if canonical := canonicalPermission(perm); canonical != "" {
|
||||
if _, ok := seen[canonical]; ok {
|
||||
continue
|
||||
}
|
||||
seen[canonical] = struct{}{}
|
||||
out = append(out, canonical)
|
||||
}
|
||||
}
|
||||
return out
|
||||
}
|
||||
|
||||
func canonicalPermission(perm string) string {
|
||||
return strings.ToLower(strings.TrimSpace(perm))
|
||||
}
|
||||
|
||||
@@ -1,75 +1,14 @@
|
||||
package middleware
|
||||
|
||||
import (
|
||||
"strings"
|
||||
|
||||
"github.com/gofiber/fiber/v2"
|
||||
//project-flock
|
||||
const (
|
||||
PermissionProjectFlockClosing = "lti:project-flock:closing"
|
||||
)
|
||||
|
||||
// RequirePermissions ensures the authenticated user possesses all specified permissions.
|
||||
func RequirePermissions(perms ...string) fiber.Handler {
|
||||
required := canonicalPermissions(perms)
|
||||
return func(c *fiber.Ctx) error {
|
||||
if len(required) == 0 {
|
||||
return c.Next()
|
||||
}
|
||||
|
||||
ctx, ok := AuthDetails(c)
|
||||
if !ok || ctx == nil {
|
||||
return fiber.NewError(fiber.StatusUnauthorized, "Please authenticate")
|
||||
}
|
||||
|
||||
userPerms := ctx.permissionSet()
|
||||
if len(userPerms) == 0 {
|
||||
return fiber.NewError(fiber.StatusForbidden, "Insufficient permission")
|
||||
}
|
||||
|
||||
for _, perm := range required {
|
||||
if _, has := userPerms[perm]; !has {
|
||||
return fiber.NewError(fiber.StatusForbidden, "Insufficient permission")
|
||||
}
|
||||
}
|
||||
|
||||
return c.Next()
|
||||
}
|
||||
}
|
||||
|
||||
// HasPermission reports whether the current request context includes the given permission.
|
||||
func HasPermission(c *fiber.Ctx, perm string) bool {
|
||||
ctx, ok := AuthDetails(c)
|
||||
if !ok || ctx == nil {
|
||||
return false
|
||||
}
|
||||
perm = canonicalPermission(perm)
|
||||
if perm == "" {
|
||||
return false
|
||||
}
|
||||
_, has := ctx.permissionSet()[perm]
|
||||
return has
|
||||
}
|
||||
|
||||
func (a *AuthContext) permissionSet() map[string]struct{} {
|
||||
if a == nil || a.Permissions == nil {
|
||||
return nil
|
||||
}
|
||||
return a.Permissions
|
||||
}
|
||||
|
||||
func canonicalPermissions(perms []string) []string {
|
||||
out := make([]string, 0, len(perms))
|
||||
seen := make(map[string]struct{}, len(perms))
|
||||
for _, perm := range perms {
|
||||
if canonical := canonicalPermission(perm); canonical != "" {
|
||||
if _, ok := seen[canonical]; ok {
|
||||
continue
|
||||
}
|
||||
seen[canonical] = struct{}{}
|
||||
out = append(out, canonical)
|
||||
}
|
||||
}
|
||||
return out
|
||||
}
|
||||
|
||||
func canonicalPermission(perm string) string {
|
||||
return strings.ToLower(strings.TrimSpace(perm))
|
||||
}
|
||||
//recording
|
||||
const (
|
||||
PermissionRecordingRead = "recording.read"
|
||||
PermissionRecordingCreate = "recording.write"
|
||||
PermissionRecordingUpdate = "recording.update"
|
||||
PermissionRecordingDelete = "recording.delete"
|
||||
)
|
||||
Reference in New Issue
Block a user