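// eintopf.info@v0.13.16/service/invitation/authorizer.go

// Copyright (C) 2022 The Eintopf authors
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as
// published by the Free Software Foundation, either version 3 of the
// License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <https://www.gnu.org/licenses/>.

package invitation

import (
	"context"

	"eintopf.info/service/auth"
	"eintopf.info/service/user"
)

// authorizer is a Service decorator: each method checks the role and/or user
// ID carried in the request context and only then delegates to the wrapped
// Service. Every denial is reported as auth.ErrUnauthorized.
type authorizer struct {
	service Service
}

// NewAuthorizer wraps service so that calls pass through the authorization
// checks in this file before reaching it.
func NewAuthorizer(service Service) Service {
	return &authorizer{service}
}

// requireAdminOrInternal returns auth.ErrUnauthorized unless ctx carries the
// admin or internal role. A failure to read the role is also treated as
// unauthorized, so the check fails closed.
func requireAdminOrInternal(ctx context.Context) error {
	role, err := auth.RoleFromContext(ctx)
	if err != nil {
		return auth.ErrUnauthorized
	}
	if role != auth.RoleAdmin && role != auth.RoleInternal {
		return auth.ErrUnauthorized
	}
	return nil
}

// Create forwards to the wrapped service for admin and internal callers only.
func (a *authorizer) Create(ctx context.Context, invitation *NewInvitation) (*Invitation, error) {
	if err := requireAdminOrInternal(ctx); err != nil {
		return nil, err
	}
	return a.service.Create(ctx, invitation)
}

// Update forwards to the wrapped service for admin and internal callers only.
func (a *authorizer) Update(ctx context.Context, invitation *Invitation) (*Invitation, error) {
	if err := requireAdminOrInternal(ctx); err != nil {
		return nil, err
	}
	return a.service.Update(ctx, invitation)
}

// Delete forwards to the wrapped service for admin and internal callers only.
func (a *authorizer) Delete(ctx context.Context, id string) error {
	if err := requireAdminOrInternal(ctx); err != nil {
		return err
	}
	return a.service.Delete(ctx, id)
}

// FindByID returns the invitation with the given id. Admin and internal
// callers may read any invitation; any other caller must have a user ID in
// ctx that equals id.
//
// NOTE(review): the non-privileged branch compares the caller's user ID with
// the invitation ID. Unless invitation IDs are deliberately user IDs, this
// denies every non-privileged lookup; an ownership check would need a field
// on Invitation that is not visible in this file. Confirm the intent.
// NOTE(review): Find treats auth.RoleModerator as privileged, FindByID does
// not. Confirm that the difference is deliberate.
func (a *authorizer) FindByID(ctx context.Context, id string) (*Invitation, error) {
	role, err := auth.RoleFromContext(ctx)
	if err != nil {
		return nil, auth.ErrUnauthorized
	}
	if role != auth.RoleAdmin && role != auth.RoleInternal {
		userID, err := auth.UserIDFromContext(ctx)
		if err != nil {
			return nil, auth.ErrUnauthorized
		}
		if userID != id {
			return nil, auth.ErrUnauthorized
		}
	}
	return a.service.FindByID(ctx, id)
}

// Find lists invitations. Admin, moderator and internal callers receive the
// wrapped service's result unchanged. Any other caller must have a user ID in
// ctx and receives only the entries whose ID equals that user ID.
//
// For non-privileged callers the identity is resolved before the wrapped
// service is queried, so a context without a user ID is rejected without
// touching the backend. The returned total is the size of the filtered
// result: passing the backend's total through would tell the caller how many
// invitations matched params overall, including ones the caller may not see.
//
// NOTE(review): the filter compares invitation.ID with the caller's user ID,
// the same comparison FindByID makes; confirm it selects what is intended.
// NOTE(review): filtering runs after the wrapped service has applied params,
// so if params limits the result set, a page can omit entries the caller is
// allowed to see. Constraining the query itself would avoid that, but the
// fields of FindParams are not visible in this file.
func (a *authorizer) Find(ctx context.Context, params *FindParams) ([]Invitation, int, error) {
	role, err := auth.RoleFromContext(ctx)
	if err != nil {
		return nil, 0, auth.ErrUnauthorized
	}

	if role == auth.RoleAdmin || role == auth.RoleModerator || role == auth.RoleInternal {
		invitations, total, err := a.service.Find(ctx, params)
		if err != nil {
			return nil, 0, err
		}
		return invitations, total, nil
	}

	userID, err := auth.UserIDFromContext(ctx)
	if err != nil {
		return nil, 0, auth.ErrUnauthorized
	}

	invitations, _, err := a.service.Find(ctx, params)
	if err != nil {
		return nil, 0, err
	}

	// Non-nil even when empty, as in the original filter.
	visible := make([]Invitation, 0, len(invitations))
	for _, invitation := range invitations {
		if invitation.ID == userID {
			visible = append(visible, invitation)
		}
	}
	return visible, len(visible), nil
}

// Invite forwards to the wrapped service for any caller whose context carries
// a user ID; the role is not checked.
func (a *authorizer) Invite(ctx context.Context) (token string, err error) {
	if _, err = auth.UserIDFromContext(ctx); err != nil {
		return "", auth.ErrUnauthorized
	}
	return a.service.Invite(ctx)
}

// UseInvite forwards to the wrapped service without any role or identity
// check in this layer.
//
// NOTE(review): presumably the invitee has no account yet, which would make
// the token the only credential on this path. Token validation, single-use
// enforcement and any attempt limiting must then live in the wrapped service
// or in front of this layer; none of it is visible here. Confirm.
func (a *authorizer) UseInvite(ctx context.Context, token string, user *user.NewUser) error {
	return a.service.UseInvite(ctx, token, user)
}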