Added route to check user permissions
p0t4t0sandwich committed Apr 30, 2024
1 parent a89aace commit 57cf7c7
Showing 3 changed files with 75 additions and 0 deletions.
12 changes: 12 additions & 0 deletions modules/auth/permissions/rbac.go
Expand Up @@ -27,6 +27,7 @@ var (

ScopeAdminDataStore = ScopeDataStore("*")
ScopeAdminNumberStore = ScopeNumberStore("*")
ScopeAdminUsers = ScopeUsers("*")
)

// ScopePetPictures -- Pet pictures
Expand Down Expand Up @@ -56,6 +57,15 @@ func ScopeNumberStore(value string) Scope {
}
}

// ScopeUsers -- Admin users
func ScopeUsers(value string) Scope {
return Scope{
Name: "users",
Description: "Users",
Value: value,
}
}

type Role struct {
Name string
Description string
Expand All @@ -72,6 +82,7 @@ var (
ScopeAdminRateLimit,
ScopeAdminDataStore,
ScopeAdminNumberStore,
ScopeAdminUsers,
},
}

Expand All @@ -84,6 +95,7 @@ var (
ScopeAdminRateLimit,
ScopeAdminDataStore,
ScopeAdminNumberStore,
ScopeAdminUsers,
},
}
)
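Review bot: The doc comment on `ScopeUsers` reads "Admin users", but the function builds a users scope for whatever value it is given; only the wildcard instance `ScopeAdminUsers` in the `var` block is the admin one, so the comment misdescribes the constructor. Suggest `// ScopeUsers -- Users scope; ScopeAdminUsers is the "*" (wildcard) instance`. The constant is then appended to two role definitions in the later hunks; both `var` blocks are cut at the hunk edges, so which roles receive it is not visible here.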
40 changes: 40 additions & 0 deletions modules/auth/users/handler.go
Expand Up @@ -6,6 +6,8 @@ import (
mw "github.com/NeuralNexusDev/neuralnexus-api/middleware"
"github.com/NeuralNexusDev/neuralnexus-api/modules/auth"
accountlinking "github.com/NeuralNexusDev/neuralnexus-api/modules/auth/linking"
perms "github.com/NeuralNexusDev/neuralnexus-api/modules/auth/permissions"
sess "github.com/NeuralNexusDev/neuralnexus-api/modules/auth/session"
"github.com/NeuralNexusDev/neuralnexus-api/modules/database"
"github.com/NeuralNexusDev/neuralnexus-api/responses"
)
Expand Down Expand Up @@ -38,6 +40,11 @@ func GetUserHandler(service Service) http.HandlerFunc {
// GetUserFromPlatformHandler - Get a user from a platform
func GetUserFromPlatformHandler(service Service) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
session := r.Context().Value(mw.SessionKey).(*sess.Session)
if !session.HasPermission(perms.ScopeAdminUsers) {
responses.Forbidden(w, r, "You do not have permission to get users")
return
}
platform := accountlinking.Platform(r.PathValue("platform"))
platformID := r.PathValue("platform_id")
user, err := service.GetUserFromPlatform(platform, platformID)
Expand All @@ -49,9 +56,32 @@ func GetUserFromPlatformHandler(service Service) http.HandlerFunc {
}
}

// GetUserPermissionsHandler - Get a user's permissions
func GetUserPermissionsHandler(service Service) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
session := r.Context().Value(mw.SessionKey).(*sess.Session)
userID := r.PathValue("user_id")
if session.UserID != userID && !session.HasPermission(perms.ScopeAdminUsers) {
responses.Forbidden(w, r, "You do not have permission to get user permissions")
return
}
permissions, err := service.GetUserPermissions(userID)
if err != nil {
responses.NotFound(w, r, "User not found")
return
}
responses.StructOK(w, r, permissions)
}
}

// UpdateUserHandler - Update a user
func UpdateUserHandler(service Service) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
session := r.Context().Value(mw.SessionKey).(*sess.Session)
if !session.HasPermission(perms.ScopeAdminUsers) {
responses.Forbidden(w, r, "You do not have permission to update users")
return
}
userID := r.PathValue("user_id")
var user auth.Account
err := responses.DecodeStruct(r, &user)
Expand All @@ -72,6 +102,11 @@ func UpdateUserHandler(service Service) http.HandlerFunc {
// UpdateUserFromPlatformHandler - Update a user from a platform
func UpdateUserFromPlatformHandler(service Service) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
session := r.Context().Value(mw.SessionKey).(*sess.Session)
if !session.HasPermission(perms.ScopeAdminUsers) {
responses.Forbidden(w, r, "You do not have permission to update users")
return
}
platform := accountlinking.Platform(r.PathValue("platform"))
platformID := r.PathValue("platform_id")
var data accountlinking.Data
Expand All @@ -92,6 +127,11 @@ func UpdateUserFromPlatformHandler(service Service) http.HandlerFunc {
// DeleteUserHandler - Delete a user
func DeleteUserHandler(service Service) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
session := r.Context().Value(mw.SessionKey).(*sess.Session)
if !session.HasPermission(perms.ScopeAdminUsers) {
responses.Forbidden(w, r, "You do not have permission to delete users")
return
}
userID := r.PathValue("user_id")
err := service.DeleteUser(userID)
if err != nil {
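Review bot: The session lookup `session := r.Context().Value(mw.SessionKey).(*sess.Session)` in GetUserFromPlatformHandler is an unchecked type assertion; if the route is ever mounted without the session middleware, or the context carries a nil pointer, the handler panics instead of returning a response, and the same line is repeated in GetUserPermissionsHandler, UpdateUserHandler, UpdateUserFromPlatformHandler and DeleteUserHandler. Use the comma-ok form and fold the missing-session case into the check: `session, ok := r.Context().Value(mw.SessionKey).(*sess.Session)` followed by `if !ok || session == nil || !session.HasPermission(perms.ScopeAdminUsers) {` (in GetUserPermissionsHandler the self-access clause `session.UserID == userID` belongs after the nil guard). If the `responses` package has a 401 helper, that is the more precise status for "no session" than Forbidden. GetUserPermissionsHandler also maps every error from `service.GetUserPermissions` to "User not found", which reports backend failures as a 404; if the service can distinguish a missing account from other errors, only the former should be a 404. Each handler body continues past the hunk's collapsed context.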
23 changes: 23 additions & 0 deletions modules/auth/users/service.go
@@ -1,16 +1,19 @@
package users

import (
"log"
"time"

"github.com/NeuralNexusDev/neuralnexus-api/modules/auth"
accountlinking "github.com/NeuralNexusDev/neuralnexus-api/modules/auth/linking"
perms "github.com/NeuralNexusDev/neuralnexus-api/modules/auth/permissions"
)

// Service - The service interface
type Service interface {
GetUser(userID string) (*auth.Account, error)
GetUserFromPlatform(platform accountlinking.Platform, platformID string) (*auth.Account, error)
GetUserPermissions(userID string) ([]string, error)
UpdateUser(user *auth.Account) (*auth.Account, error)
UpdateUserFromPlatform(platform accountlinking.Platform, platformID string, data accountlinking.Data) (*auth.Account, error)
DeleteUser(userID string) error
Expand Down Expand Up @@ -41,6 +44,26 @@ func (s *service) GetUserFromPlatform(platform accountlinking.Platform, platform
return s.as.GetAccountByID(la.UserID)
}

// GetUserPermissions - Get a user's permissions
func (s *service) GetUserPermissions(userID string) ([]string, error) {
a, err := s.as.GetAccountByID(userID)
if err != nil {
return nil, err
}
permissions := []string{}
for _, r := range a.Roles {
role, err := perms.GetRoleByName(r)
if err != nil {
log.Println(err)
continue
}
for _, p := range role.Permissions {
permissions = append(permissions, p.Name+"|"+p.Value)
}
}
return permissions, nil
}

// UpdateUser - Update a user
func (s *service) UpdateUser(user *auth.Account) (*auth.Account, error) {
account, err := s.as.GetAccountByID(user.UserID)
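Review bot: `GetUserPermissions` defines the wire format of a permission inline as `p.Name+"|"+p.Value`, and neither its doc comment nor the Service interface says so, so a consumer of the new route has to read this loop to learn what the strings mean. Document it on the method: `// GetUserPermissions - Get a user's effective permissions as "name|value" strings, one per scope of each of the user's roles; roles unknown to perms.GetRoleByName are logged and skipped.` If `Scope` already has a string form that `HasPermission` relies on, reusing it here would keep the two encodings from drifting (not visible in this hunk). The `log.Println(err)` for an unknown role also lacks the user and role needed to act on it; `log.Printf("GetUserPermissions: user %q: skipping role %q: %v", userID, r, err)` is enough. GetUserFromPlatform's body at the top of the hunk starts outside it.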
