From 5ed180396ee95c19f3b503e502ba317515c03dda Mon Sep 17 00:00:00 2001
From: sauls8t
Date: Wed, 27 Jun 2018 13:09:25 +0100
Subject: [PATCH] Add new check permissions helper
---
 domain/permission/mysql/store.go | 25 +++++++++++++++++++++++++
 domain/permission/permission.go | 26 +++++++++++++++++++++++++-
 domain/storer.go | 1 +
 3 files changed, 51 insertions(+), 1 deletion(-)
diff --git a/domain/permission/mysql/store.go b/domain/permission/mysql/store.go
index aca82974..742cdcfe 100644
--- a/domain/permission/mysql/store.go
+++ b/domain/permission/mysql/store.go
@@ -85,6 +85,31 @@ func (s Scope) GetUserSpacePermissions(ctx domain.RequestContext, spaceID string
 return
 }

+// GetSpacePermissionsForUser returns space permissions for specified user.
+func (s Scope) GetSpacePermissionsForUser(ctx domain.RequestContext, spaceID, userID string) (r []permission.Permission, err error) {
+ r = []permission.Permission{}
+
+ err = s.Runtime.Db.Select(&r, `
+ SELECT id, orgid, who, whoid, action, scope, location, refid
+ FROM permission
+ WHERE orgid=? AND location='space' AND refid=? AND who='user' AND (whoid=? OR whoid='0')
+ UNION ALL
+ SELECT p.id, p.orgid, p.who, p.whoid, p.action, p.scope, p.location, p.refid
+ FROM permission p
+ LEFT JOIN rolemember r ON p.whoid=r.roleid
+ WHERE p.orgid=? AND p.location='space' AND refid=? AND p.who='role' AND (r.userid=? OR r.userid='0')`,
+ ctx.OrgID, spaceID, userID, ctx.OrgID, spaceID, userID)
+
+ if err == sql.ErrNoRows {
+ err = nil
+ }
+ if err != nil {
+ err = errors.Wrap(err, fmt.Sprintf("unable to execute select user permissions %s", userID))
+ }
+
+ return
+}
+
 // GetSpacePermissions returns space permissions for all users.
 // We do not filter by userID because we return permissions for all users.
 func (s Scope) GetSpacePermissions(ctx domain.RequestContext, spaceID string) (r []permission.Permission, err error) {
diff --git a/domain/permission/permission.go b/domain/permission/permission.go
index b639d929..7af0ace6 100644
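Review bot: In `GetSpacePermissionsForUser`, the role branch of the UNION joins `rolemember` only on `p.whoid=r.roleid` and scopes the organisation through `p.orgid` alone. If `rolemember` has its own `orgid` column (not visible in this hunk), adding `AND r.orgid=p.orgid` to the join would keep the tenant boundary explicit instead of depending on role ids never colliding across organisations. The same branch uses an unqualified `refid=?` beside otherwise `p.`-qualified columns, and the `LEFT JOIN` behaves as an inner join because the `WHERE` clause requires a matching `r.userid`; writing `JOIN` and `p.refid=?` would state the intent. Because the result feeds an authorization decision for an arbitrary `userID`, the doc comment should also say that rows with `whoid='0'` / `r.userid='0'` are returned for every user, and what that value stands for.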
--- a/domain/permission/permission.go
+++ b/domain/permission/permission.go
@@ -203,7 +203,7 @@ func CanManageVersion(ctx domain.RequestContext, s domain.Store, spaceID string)
 return false
 }

-// HasPermission returns if user can perform specified actions.
+// HasPermission returns if current user can perform specified actions.
 func HasPermission(ctx domain.RequestContext, s domain.Store, spaceID string, actions ...pm.Action) bool {
 roles, err := s.Permission.GetUserSpacePermissions(ctx, spaceID)

@@ -227,6 +227,30 @@ func HasPermission(ctx domain.RequestContext, s domain.Store, spaceID string, ac
 return false
 }

+// CheckPermission returns if specified user can perform specified actions.
+func CheckPermission(ctx domain.RequestContext, s domain.Store, spaceID string, userID string, actions ...pm.Action) bool {
+ roles, err := s.Permission.GetSpacePermissionsForUser(ctx, spaceID, userID)
+
+ if err == sql.ErrNoRows {
+ err = nil
+ }
+ if err != nil {
+ return false
+ }
+
+ for _, role := range roles {
+ if role.RefID == spaceID && role.Location == pm.LocationSpace && role.Scope == pm.ScopeRow {
+ for _, a := range actions {
+ if role.Action == a {
+ return true
+ }
+ }
+ }
+ }
+
+ return false
+}
+
 // GetUsersWithDocumentPermission returns list of users who have specified document permission in given space
 func GetUsersWithDocumentPermission(ctx domain.RequestContext, s domain.Store, spaceID, documentID string, permissionRequired pm.Action) (users []u.User, err error) {
 users = []u.User{}
diff --git a/domain/storer.go b/domain/storer.go
index 3611ffa3..7970267c 100644
--- a/domain/storer.go
+++ b/domain/storer.go
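Review bot: `CheckPermission` returns `false` both when the user lacks the action and when `GetSpacePermissionsForUser` fails, and the error is dropped without any record. Failing closed is the right default for an authorization helper, but a store outage then looks identical to a denial; logging the error before `return false` (with whatever logger this package already uses, not visible here) would make the two distinguishable. The `sql.ErrNoRows` reset is redundant, since the store method added in this commit already maps it to nil. `userID` is passed through unchecked, so an empty value would still match the `whoid='0'` rows in the query; if that is not intended, guard with `if userID == "" { return false }`, and state in the doc comment that store errors are treated as a denial.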
@@ -90,6 +90,7 @@ type PermissionStorer interface {
 AddPermission(ctx RequestContext, r permission.Permission) (err error)
 AddPermissions(ctx RequestContext, r permission.Permission, actions ...permission.Action) (err error)
 GetUserSpacePermissions(ctx RequestContext, spaceID string) (r []permission.Permission, err error)
+ GetSpacePermissionsForUser(ctx RequestContext, spaceID, userID string) (r []permission.Permission, err error)
 GetSpacePermissions(ctx RequestContext, spaceID string) (r []permission.Permission, err error)
 GetCategoryPermissions(ctx RequestContext, catID string) (r []permission.Permission, err error)
 GetCategoryUsers(ctx RequestContext, catID string) (u []user.User, err error)
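Review bot: `GetUserSpacePermissions` and the new `GetSpacePermissionsForUser` sit next to each other in `PermissionStorer` with names that are easy to transpose, and the interface has no comment saying whose permissions each one returns. Judging by the signatures, the first resolves the user from `ctx` and the second takes an explicit `userID`; calling the wrong one would evaluate access for the wrong principal. A one-line comment on each method would help, for example `// GetSpacePermissionsForUser returns permissions for the given userID, not the ctx user.`. Any other `PermissionStorer` implementation or test double (none is visible in this patch) will also need the new method.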