mirror of
https://github.com/documize/community.git
synced 2025-08-05 13:35:25 +02:00
refactored permission code
This commit is contained in:
Harvey Kandola
parent
c12c000ef3
commit
6a651770b5
24 changed files with 753 additions and 632 deletions
|
|
@ -23,8 +23,8 @@ import (
|
|||
"github.com/documize/community/core/streamutil"
|
||||
"github.com/documize/community/core/stringutil"
|
||||
"github.com/documize/community/domain"
|
||||
"github.com/documize/community/domain/permission"
|
||||
indexer "github.com/documize/community/domain/search"
|
||||
"github.com/documize/community/domain/space"
|
||||
"github.com/documize/community/model/activity"
|
||||
"github.com/documize/community/model/audit"
|
||||
"github.com/documize/community/model/doc"
|
||||
|
|
@ -61,7 +61,7 @@ func (h *Handler) Get(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
if !CanViewDocumentInFolder(ctx, *h.Store, document.LabelID) {
|
||||
if !permission.CanViewSpaceDocument(ctx, *h.Store, document.LabelID) {
|
||||
response.WriteForbiddenError(w)
|
||||
return
|
||||
}
|
||||
|
|
@ -147,7 +147,7 @@ func (h *Handler) BySpace(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
if !space.CanViewSpace(ctx, *h.Store, spaceID) {
|
||||
if !permission.CanViewSpace(ctx, *h.Store, spaceID) {
|
||||
response.WriteForbiddenError(w)
|
||||
return
|
||||
}
|
||||
|
|
@ -210,7 +210,7 @@ func (h *Handler) Update(w http.ResponseWriter, r *http.Request) {
|
|||
// return
|
||||
// }
|
||||
|
||||
if !CanChangeDocument(ctx, *h.Store, documentID) {
|
||||
if !permission.CanChangeDocument(ctx, *h.Store, documentID) {
|
||||
response.WriteForbiddenError(w)
|
||||
return
|
||||
}
|
||||
|
|
@ -269,7 +269,7 @@ func (h *Handler) Delete(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
if !CanChangeDocument(ctx, *h.Store, documentID) {
|
||||
if !permission.CanDeleteDocument(ctx, *h.Store, documentID) {
|
||||
response.WriteForbiddenError(w)
|
||||
return
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,117 +0,0 @@
|
|||
// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
|
||||
//
|
||||
// This software (Documize Community Edition) is licensed under
|
||||
// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
|
||||
//
|
||||
// You can operate outside the AGPL restrictions by purchasing
|
||||
// Documize Enterprise Edition and obtaining a commercial license
|
||||
// by contacting <sales@documize.com>.
|
||||
//
|
||||
// https://documize.com
|
||||
|
||||
package document
|
||||
|
||||
import (
|
||||
"database/sql"
|
||||
|
||||
"github.com/documize/community/domain"
|
||||
sp "github.com/documize/community/model/space"
|
||||
)
|
||||
|
||||
// CanViewDocumentInFolder returns if the user has permission to view a document within the specified folder.
|
||||
func CanViewDocumentInFolder(ctx domain.RequestContext, s domain.Store, labelID string) bool {
|
||||
roles, err := s.Space.GetUserPermissions(ctx, labelID)
|
||||
if err == sql.ErrNoRows {
|
||||
err = nil
|
||||
}
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
|
||||
for _, role := range roles {
|
||||
if role.RefID == labelID && role.Location == "space" && role.Scope == "object" &&
|
||||
sp.HasPermission(role.Action, sp.SpaceView, sp.SpaceManage, sp.SpaceOwner) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
// CanViewDocument returns if the client has permission to view a given document.
|
||||
func CanViewDocument(ctx domain.RequestContext, s domain.Store, documentID string) bool {
|
||||
document, err := s.Document.Get(ctx, documentID)
|
||||
if err == sql.ErrNoRows {
|
||||
err = nil
|
||||
}
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
|
||||
roles, err := s.Space.GetUserPermissions(ctx, document.LabelID)
|
||||
if err == sql.ErrNoRows {
|
||||
err = nil
|
||||
}
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
|
||||
for _, role := range roles {
|
||||
if role.RefID == document.LabelID && role.Location == "space" && role.Scope == "object" &&
|
||||
sp.HasPermission(role.Action, sp.SpaceView, sp.SpaceManage, sp.SpaceOwner) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
// CanChangeDocument returns if the clinet has permission to change a given document.
|
||||
func CanChangeDocument(ctx domain.RequestContext, s domain.Store, documentID string) bool {
|
||||
document, err := s.Document.Get(ctx, documentID)
|
||||
|
||||
if err == sql.ErrNoRows {
|
||||
err = nil
|
||||
}
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
|
||||
roles, err := s.Space.GetUserPermissions(ctx, document.LabelID)
|
||||
|
||||
if err == sql.ErrNoRows {
|
||||
err = nil
|
||||
}
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
|
||||
for _, role := range roles {
|
||||
if role.RefID == document.LabelID && role.Location == "space" && role.Scope == "object" &&
|
||||
sp.HasPermission(role.Action, sp.DocumentEdit) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
// CanUploadDocument returns if the client has permission to upload documents to the given space.
|
||||
func CanUploadDocument(ctx domain.RequestContext, s domain.Store, spaceID string) bool {
|
||||
roles, err := s.Space.GetUserPermissions(ctx, spaceID)
|
||||
if err == sql.ErrNoRows {
|
||||
err = nil
|
||||
}
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
|
||||
for _, role := range roles {
|
||||
if role.RefID == spaceID && role.Location == "space" && role.Scope == "object" &&
|
||||
sp.HasPermission(role.Action, sp.DocumentAdd) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue