Example #1
0
// authoriseReader returns error if the path/resource is not authorised
func authoriseReader(c router.Context, r ResourceModel) error {
	user := c.Get("current_user").(*users.User)

	if c.Path() == "/stories/create" && user.CanSubmit() {
		return nil
	}

	if c.Path() == "/comments/create" && user.CanComment() {
		return nil
	}

	// Allow upvotes and downvotes
	if strings.HasSuffix(c.Path(), "/upvote") && user.CanUpvote() {
		return nil
	}

	if strings.HasSuffix(c.Path(), "/downvote") && user.CanDownvote() {
		return nil
	}

	if r != nil {
		if r.OwnedBy(user.Id) {
			return nil
		}
	}

	return fmt.Errorf("Path and Resource not authorized:%s %v", c.Path(), r)

}
Example #2
0
// Resource authorises the path and resource for the current user
// if model is nil it is ignored and permission granted
func Resource(c router.Context, r ResourceModel) error {

	// If not public path, check based on user role
	user := c.Get("current_user").(*users.User)
	switch user.Role {
	case users.RoleAdmin:
		return authoriseAdmin(c, r)
	default:
		return authoriseReader(c, r)
	}

}
Example #3
0
// Resource authorises the path and resource for the current user
// if model is nil it is ignored and permission granted
func Resource(c router.Context, r ResourceModel) error {

	// Short circuit evaluation if this is a public path
	if publicPath(c.Path()) {
		return nil
	}

	user := c.Get("current_user").(*users.User)

	switch user.Role {
	case users.RoleAdmin:
		return nil
	case users.RoleEditor:
		if r.OwnedBy(user.Id) {
			return nil
		}
	}

	return fmt.Errorf("Path and Resource not authorized:%s %v", c.Path(), r)

}
Example #4
0
// CurrentUser returns the saved user (or an empty anon user) for the current session cookie
// Strictly speaking this should be authenticate.User
func CurrentUser(context router.Context) *users.User {

	// First check if the user has already been set on context, if so return it
	if context.Get("current_user") != nil {
		return context.Get("current_user").(*users.User)
	}

	// Start with an anon user by default (role 0, id 0)
	user := &users.User{}

	// Build the session from the secure cookie, or create a new one
	session, err := auth.Session(context.Writer(), context.Request())
	if err != nil {
		context.Logf("#error problem retrieving session")
		return user
	}

	// Fetch the current user record if we have one recorded in the session
	var id int64
	ids := session.Get(auth.SessionUserKey)
	if len(ids) > 0 {
		id, err = strconv.ParseInt(ids, 10, 64)
		if err != nil {
			context.Logf("#error Error decoding session user key:%s\n", err)
			return user
		}
	}

	if id != 0 {
		u, err := users.Find(id)
		if err != nil {
			context.Logf("#info User not found from session id:%d\n", id)
			return user
		}
		user = u
	}

	return user
}
Example #5
0
// Resource authorises the path and resource for the current user
// if model is nil it is ignored and permission granted
func Resource(c router.Context, r ResourceModel) error {

	// Short circuit evaluation if this is a public path
	if publicPath(c.Path()) {
		return nil
	}

	user := c.Get("current_user").(*users.User)

	switch user.Role {
	case users.RoleAdmin:
		return nil
	case users.RoleCustomer:

		// RoleCustomer should have access to /files
		if c.Path() == "/files" {
			return nil
		}

		// RoleCustomer should have access to /files/x/delete if file is owned by them
		if strings.HasPrefix(c.Path(), "/files") {
			if r != nil && r.OwnedBy(user.Id) {
				return nil
			}
		}

		// RoleCustomer should have access to /users/x/update if they are that user
		if strings.HasPrefix(c.Path(), "/users") {
			if r != nil && r.OwnedBy(user.Id) {
				return nil
			}
		}

	}

	return fmt.Errorf("Path and Resource not authorized:%s %v", c.Path(), r)
}