Commit 6bdcd504 authored by Juliusz Chroboczek's avatar Juliusz Chroboczek

Make GetPermission a method of Group.

parent 0fe3ed2e
...@@ -563,7 +563,7 @@ func AddClient(group string, c Client, creds ClientCredentials) (*Group, error) ...@@ -563,7 +563,7 @@ func AddClient(group string, c Client, creds ClientCredentials) (*Group, error)
clients := g.getClientsUnlocked(nil) clients := g.getClientsUnlocked(nil)
if !member("system", c.Permissions()) { if !member("system", c.Permissions()) {
username, perms, err := g.description.GetPermission(group, creds) username, perms, err := g.getPermission(creds)
if err != nil { if err != nil {
return nil, err return nil, err
} }
...@@ -815,7 +815,7 @@ func (g *Group) GetChatHistory() []ChatHistoryEntry { ...@@ -815,7 +815,7 @@ func (g *Group) GetChatHistory() []ChatHistoryEntry {
return h return h
} }
func matchClient(group string, creds ClientCredentials, users []ClientPattern) (bool, bool) { func matchClient(creds ClientCredentials, users []ClientPattern) (bool, bool) {
matched := false matched := false
for _, u := range users { for _, u := range users {
if u.Username == creds.Username { if u.Username == creds.Username {
...@@ -1103,12 +1103,14 @@ func readDescription(name string) (*Description, error) { ...@@ -1103,12 +1103,14 @@ func readDescription(name string) (*Description, error) {
return &desc, nil return &desc, nil
} }
func (desc *Description) GetPermission(group string, creds ClientCredentials) (string, []string, error) { // called locked
func (g *Group) getPermission(creds ClientCredentials) (string, []string, error) {
desc := g.description
if creds.Token == "" { if creds.Token == "" {
if !desc.AllowAnonymous && creds.Username == "" { if !desc.AllowAnonymous && creds.Username == "" {
return "", nil, ErrAnonymousNotAuthorised return "", nil, ErrAnonymousNotAuthorised
} }
if found, good := matchClient(group, creds, desc.Op); found { if found, good := matchClient(creds, desc.Op); found {
if good { if good {
var p []string var p []string
p = []string{"op", "present"} p = []string{"op", "present"}
...@@ -1119,13 +1121,13 @@ func (desc *Description) GetPermission(group string, creds ClientCredentials) (s ...@@ -1119,13 +1121,13 @@ func (desc *Description) GetPermission(group string, creds ClientCredentials) (s
} }
return "", nil, ErrNotAuthorised return "", nil, ErrNotAuthorised
} }
if found, good := matchClient(group, creds, desc.Presenter); found { if found, good := matchClient(creds, desc.Presenter); found {
if good { if good {
return creds.Username, []string{"present"}, nil return creds.Username, []string{"present"}, nil
} }
return "", nil, ErrNotAuthorised return "", nil, ErrNotAuthorised
} }
if found, good := matchClient(group, creds, desc.Other); found { if found, good := matchClient(creds, desc.Other); found {
if good { if good {
return creds.Username, nil, nil return creds.Username, nil, nil
} }
...@@ -1164,7 +1166,7 @@ func (desc *Description) GetPermission(group string, creds ClientCredentials) (s ...@@ -1164,7 +1166,7 @@ func (desc *Description) GetPermission(group string, creds ClientCredentials) (s
continue continue
} }
} }
if url.Path == path.Join("/group", group)+"/" { if url.Path == path.Join("/group", g.name)+"/" {
ok = true ok = true
break break
} }
...@@ -1175,6 +1177,12 @@ func (desc *Description) GetPermission(group string, creds ClientCredentials) (s ...@@ -1175,6 +1177,12 @@ func (desc *Description) GetPermission(group string, creds ClientCredentials) (s
return sub, perms, nil return sub, perms, nil
} }
func (g *Group) GetPermission(creds ClientCredentials) (string, []string, error) {
g.mu.Lock()
defer g.mu.Unlock()
return g.getPermission(creds)
}
type Status struct { type Status struct {
Name string `json:"name"` Name string `json:"name"`
Location string `json:"location"` Location string `json:"location"`
......
...@@ -591,17 +591,17 @@ func handleGroupAction(w http.ResponseWriter, r *http.Request, group string) { ...@@ -591,17 +591,17 @@ func handleGroupAction(w http.ResponseWriter, r *http.Request, group string) {
} }
func checkGroupPermissions(w http.ResponseWriter, r *http.Request, groupname string) bool { func checkGroupPermissions(w http.ResponseWriter, r *http.Request, groupname string) bool {
desc, err := group.GetDescription(groupname) user, pass, ok := r.BasicAuth()
if err != nil { if !ok {
return false return false
} }
user, pass, ok := r.BasicAuth() g := group.Get(groupname)
if !ok { if g == nil {
return false return false
} }
_, p, err := desc.GetPermission(groupname, _, p, err := g.GetPermission(
group.ClientCredentials{ group.ClientCredentials{
Username: user, Username: user,
Password: pass, Password: pass,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment