Replace permission related strings with typed values

2025-07-22 14:49:42 +02:00 · 2018-03-02 14:47:58 +00:00 · 2018-03-02 14:47:58 +00:00 · 08f0c2cd0b
commit 08f0c2cd0b
parent 99f0a16d71
8 changed files with 72 additions and 58 deletions
--- a/domain/category/endpoint.go
+++ b/domain/category/endpoint.go
@ -82,10 +82,10 @@ func (h *Handler) Add(w http.ResponseWriter, r *http.Request) {
 	perm := pm.Permission{}
 	perm.OrgID = ctx.OrgID
-	perm.Who = "user"
+	perm.Who = pm.UserPermission
 	perm.WhoID = ctx.UserID
-	perm.Scope = "object"
+	perm.Scope = pm.ScopeRow
-	perm.Location = "category"
+	perm.Location = pm.LocationCategory
 	perm.RefID = cat.RefID
 	perm.Action = pm.CategoryView
--- a/domain/permission/endpoint.go
+++ b/domain/permission/endpoint.go
@ -30,7 +30,6 @@ import (
 	"github.com/documize/community/model/audit"
 	"github.com/documize/community/model/permission"
 	"github.com/documize/community/model/space"
 	"github.com/documize/community/model/user"
 )
 // Handler contains the runtime information such as logging and database.
@ -178,10 +177,10 @@ func (h *Handler) SetSpacePermissions(w http.ResponseWriter, r *http.Request) {
 	if !me {
 		perm := permission.Permission{}
 		perm.OrgID = ctx.OrgID
-		perm.Who = "user"
+		perm.Who = permission.UserPermission
 		perm.WhoID = ctx.UserID
-		perm.Scope = "object"
+		perm.Scope = permission.ScopeRow
-		perm.Location = "space"
+		perm.Location = permission.LocationSpace
 		perm.RefID = id
 		perm.Action = "" // we send array for actions below
@ -236,9 +235,6 @@ func (h *Handler) GetSpacePermissions(w http.ResponseWriter, r *http.Request) {
 		response.WriteServerError(w, method, err)
 		return
 	}
 	if len(perms) == 0 {
 		perms = []permission.Permission{}
 	}
 	userPerms := make(map[string][]permission.Permission)
 	for _, p := range perms {
@ -269,9 +265,6 @@ func (h *Handler) GetUserSpacePermissions(w http.ResponseWriter, r *http.Request
 		response.WriteServerError(w, method, err)
 		return
 	}
 	if len(perms) == 0 {
 		perms = []permission.Permission{}
 	}
 	record := permission.DecodeUserPermissions(perms)
 	response.WriteJSON(w, record)
@ -293,9 +286,6 @@ func (h *Handler) GetCategoryViewers(w http.ResponseWriter, r *http.Request) {
 		response.WriteServerError(w, method, err)
 		return
 	}
 	if len(u) == 0 {
 		u = []user.User{}
 	}
 	response.WriteJSON(w, u)
 }
@ -316,9 +306,6 @@ func (h *Handler) GetCategoryPermissions(w http.ResponseWriter, r *http.Request)
 		response.WriteServerError(w, method, err)
 		return
 	}
 	if len(u) == 0 {
 		u = []permission.Permission{}
 	}
 	response.WriteJSON(w, u)
 }
@ -380,10 +367,10 @@ func (h *Handler) SetCategoryPermissions(w http.ResponseWriter, r *http.Request)
 	for _, m := range model {
 		perm := permission.Permission{}
 		perm.OrgID = ctx.OrgID
-		perm.Who = "user"
+		perm.Who = permission.UserPermission
 		perm.WhoID = m.UserID
-		perm.Scope = "object"
+		perm.Scope = permission.ScopeRow
-		perm.Location = "category"
+		perm.Location = permission.LocationCategory
 		perm.RefID = m.CategoryID
 		perm.Action = permission.CategoryView
@ -418,9 +405,6 @@ func (h *Handler) GetDocumentPermissions(w http.ResponseWriter, r *http.Request)
 		response.WriteServerError(w, method, err)
 		return
 	}
 	if len(perms) == 0 {
 		perms = []permission.Permission{}
 	}
 	userPerms := make(map[string][]permission.Permission)
 	for _, p := range perms {
@ -451,9 +435,6 @@ func (h *Handler) GetUserDocumentPermissions(w http.ResponseWriter, r *http.Requ
 		response.WriteServerError(w, method, err)
 		return
 	}
 	if len(perms) == 0 {
 		perms = []permission.Permission{}
 	}
 	record := permission.DecodeUserDocumentPermissions(perms)
 	response.WriteJSON(w, record)
--- a/domain/space/endpoint.go
+++ b/domain/space/endpoint.go
@ -110,10 +110,10 @@ func (h *Handler) Add(w http.ResponseWriter, r *http.Request) {
 	perm := permission.Permission{}
 	perm.OrgID = sp.OrgID
-	perm.Who = "user"
+	perm.Who = permission.UserPermission
 	perm.WhoID = ctx.UserID
-	perm.Scope = "object"
+	perm.Scope = permission.ScopeRow
-	perm.Location = "space"
+	perm.Location = permission.LocationSpace
 	perm.RefID = sp.RefID
 	perm.Action = "" // we send array for actions below
@ -800,10 +800,10 @@ func (h *Handler) Invite(w http.ResponseWriter, r *http.Request) {
 			perm := permission.Permission{}
 			perm.OrgID = sp.OrgID
-			perm.Who = "user"
+			perm.Who = permission.UserPermission
 			perm.WhoID = u.RefID
-			perm.Scope = "object"
+			perm.Scope = permission.ScopeRow
-			perm.Location = "space"
+			perm.Location = permission.LocationSpace
 			perm.RefID = sp.RefID
 			perm.Action = "" // we send array for actions below
--- a/domain/space/space.go
+++ b/domain/space/space.go
@ -64,10 +64,10 @@ func inviteNewUserToSharedSpace(ctx domain.RequestContext, rt *env.Runtime, s *d
 	perm := permission.Permission{}
 	perm.OrgID = sp.OrgID
-	perm.Who = "user"
+	perm.Who = permission.UserPermission
 	perm.WhoID = userID
-	perm.Scope = "object"
+	perm.Scope = permission.ScopeRow
-	perm.Location = "space"
+	perm.Location = permission.LocationSpace
 	perm.RefID = sp.RefID
 	perm.Action = "" // we send array for actions below
--- a/domain/space/space_test.go
+++ b/domain/space/space_test.go
@ -42,8 +42,8 @@ func TestSpace(t *testing.T) {
 		perm.OrgID = ctx.OrgID
 		perm.Who = "user"
 		perm.WhoID = ctx.UserID
-		perm.Scope = "object"
+		perm.Scope = permission.ScopeRow
-		perm.Location = "space"
+		perm.Location = permission.LocationSpace
 		perm.RefID = spaceID
 		perm.Action = "" // we send array for actions below
@ -109,8 +109,8 @@ func TestSpace(t *testing.T) {
 		perm.OrgID = ctx.OrgID
 		perm.Who = "user"
 		perm.WhoID = ctx.UserID
-		perm.Scope = "object"
+		perm.Scope = permission.ScopeRow
-		perm.Location = "space"
+		perm.Location = permission.LocationSpace
 		perm.RefID = spaceID2
 		perm.Action = "" // we send array for actions below
@ -170,8 +170,8 @@ func TestSpace(t *testing.T) {
 		perm.OrgID = ctx.OrgID
 		perm.Who = "user"
 		perm.WhoID = ctx.UserID
-		perm.Scope = "object"
+		perm.Scope = permission.ScopeRow
-		perm.Location = "space"
+		perm.Location = permission.LocationSpace
 		perm.RefID = spaceID
 		perm.Action = "" // we send array for actions below
--- a/model/permission/common.go
+++ b/model/permission/common.go
@ -15,17 +15,50 @@ import "time"
 // Permission represents a permission for a space and is persisted to the database.
 type Permission struct {
-	ID       uint64    `json:"id"`
+	ID       uint64       `json:"id"`
-	OrgID    string    `json:"orgId"`
+	OrgID    string       `json:"orgId"`
-	Who      string    `json:"who"`      // user, role
+	Who      WhoType      `json:"who"`      // user, role
-	WhoID    string    `json:"whoId"`    // either a user or role ID
+	WhoID    string       `json:"whoId"`    // either a user or role ID
-	Action   Action    `json:"action"`   // view, edit, delete
+	Action   Action       `json:"action"`   // view, edit, delete
-	Scope    string    `json:"scope"`    // object, table
+	Scope    ScopeType    `json:"scope"`    // object, table
-	Location string    `json:"location"` // table name
+	Location LocationType `json:"location"` // table name
-	RefID    string    `json:"refId"`    // id of row in table / blank when scope=table
+	RefID    string       `json:"refId"`    // id of row in table / blank when scope=table
-	Created  time.Time `json:"created"`
+	Created  time.Time    `json:"created"`
 }
 // WhoType tell us if permission record represents user or group
 type WhoType string
 const (
 	// GroupPermission means permission is assigned to a group
 	GroupPermission WhoType = "role"
 	// UserPermission means permission is assigned to a user
 	UserPermission WhoType = "user"
 )
 // LocationType tells us the entity being permissioned
 type LocationType string
 const (
 	// LocationSpace means space is being permissioned
 	LocationSpace LocationType = "space"
 	// LocationCategory means category is being permissioned
 	LocationCategory LocationType = "category"
 	// LocationDocument means document is being permissioned
 	LocationDocument LocationType = "document"
 )
 // ScopeType details at what level data is being protected, e.g. table, row
 type ScopeType string
 const (
 	// ScopeRow identifies row in table is being protected
 	ScopeRow ScopeType = "object"
 )
 // Action details type of action
 type Action string
--- a/model/permission/document.go
+++ b/model/permission/document.go
@ -67,12 +67,12 @@ func HasAnyDocumentPermission(p DocumentRecord) bool {
 func EncodeDocumentRecord(r DocumentRecord, a Action) (p Permission) {
 	p = Permission{}
 	p.OrgID = r.OrgID
-	p.Who = "user"
+	p.Who = UserPermission
 	p.WhoID = r.UserID
-	p.Location = "document"
+	p.Location = LocationDocument
 	p.RefID = r.DocumentID
 	p.Action = a
-	p.Scope = "object" // default to row level permission
+	p.Scope = ScopeRow
 	return
 }
--- a/model/permission/space.go
+++ b/model/permission/space.go
@ -118,12 +118,12 @@ func HasAnyPermission(p Record) bool {
 func EncodeRecord(r Record, a Action) (p Permission) {
 	p = Permission{}
 	p.OrgID = r.OrgID
-	p.Who = "user"
+	p.Who = UserPermission
 	p.WhoID = r.UserID
-	p.Location = "space"
+	p.Location = LocationSpace
 	p.RefID = r.SpaceID
 	p.Action = a
-	p.Scope = "object" // default to row level permission
+	p.Scope = ScopeRow
 	return
 }