// addPermissions handles a request to grant permissions to the role named by
// the ":name" URL parameter. The permissions to add are read from the repeated
// "permission" form field. On success it writes a 200 status; any failure is
// returned to the caller unchanged.
func addPermissions(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	// The authorization check runs before the role lookup, so a caller
	// without permission.PermRoleUpdate gets the same error whether or not
	// the role exists.
	if allowed := permission.Check(t, permission.PermRoleUpdate); !allowed {
		return permission.ErrUnauthorized
	}
	name := r.URL.Query().Get(":name")
	target, err := permission.FindRole(name)
	if err != nil {
		return err
	}
	if err = r.ParseForm(); err != nil {
		return err
	}
	holders, err := auth.ListUsersWithRole(name)
	if err != nil {
		return err
	}
	// runWithPermSync is defined elsewhere; it is handed the users that
	// currently hold the role, presumably so their effective permissions
	// are resynchronised around the change. TODO confirm.
	grant := func() error {
		return target.AddPermissions(r.Form["permission"]...)
	}
	if err = runWithPermSync(holders, grant); err != nil {
		return err
	}
	w.WriteHeader(http.StatusOK)
	return nil
}
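// title: add permissions
// path: /roles/{name}/permissions
// method: POST
// consume: application/x-www-form-urlencoded
// responses:
//   200: Ok
//   400: Invalid data
//   401: Unauthorized
//   409: Permission not allowed
func addPermissions(w http.ResponseWriter, r *http.Request, t auth.Token) (err error) {
	// Authorize before reading the request body: an unauthorized caller is
	// rejected without the handler parsing any of its input.
	if !permission.Check(t, permission.PermRoleUpdatePermissionAdd) {
		return permission.ErrUnauthorized
	}
	// Parse the form exactly once and report a failure as 400. Previously the
	// first ParseForm result was discarded and a second call was checked
	// instead; a repeated ParseForm on an already-parsed request does not
	// report the earlier failure again, so malformed input went undetected
	// and the role was updated from a partially parsed form.
	if err = r.ParseForm(); err != nil {
		return &errors.HTTP{
			Code:    http.StatusBadRequest,
			Message: err.Error(),
		}
	}
	roleName := r.URL.Query().Get(":name")
	// The event records who (Owner) attempted which change (Kind) on which
	// role (Target), together with the submitted form as CustomData.
	evt, err := event.New(&event.Opts{
		Target:     event.Target{Type: event.TargetTypeRole, Value: roleName},
		Kind:       permission.PermRoleUpdatePermissionAdd,
		Owner:      t,
		CustomData: event.FormToCustomData(r.Form),
		Allowed:    event.Allowed(permission.PermRoleReadEvents),
	})
	if err != nil {
		return err
	}
	// err is the named result, so the event is closed with whatever error
	// the handler finally returns (nil on success).
	defer func() { evt.Done(err) }()
	role, err := permission.FindRole(roleName)
	if err != nil {
		return err
	}
	users, err := auth.ListUsersWithRole(roleName)
	if err != nil {
		return err
	}
	err = runWithPermSync(users, func() error {
		return role.AddPermissions(r.Form["permission"]...)
	})
	// Translate the permission package's validation errors into the HTTP
	// statuses listed in the header; anything else is returned untouched.
	if err == permission.ErrInvalidPermissionName {
		return &errors.HTTP{
			Code:    http.StatusBadRequest,
			Message: err.Error(),
		}
	}
	switch perr := err.(type) {
	case *permission.ErrPermissionNotFound:
		return &errors.HTTP{
			Code:    http.StatusBadRequest,
			Message: perr.Error(),
		}
	case *permission.ErrPermissionNotAllowed:
		return &errors.HTTP{
			Code:    http.StatusConflict,
			Message: perr.Error(),
		}
	}
	return err
}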
// removePermissions handles a request to revoke one permission from a role.
// The role comes from the ":name" URL parameter and the permission from the
// ":permission" URL parameter. Every failure is returned to the caller
// unchanged.
func removePermissions(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	// The authorization check runs before the role lookup, so a caller
	// without permission.PermRoleUpdate gets the same error whether or not
	// the role exists.
	if allowed := permission.Check(t, permission.PermRoleUpdate); !allowed {
		return permission.ErrUnauthorized
	}
	params := r.URL.Query()
	name, perm := params.Get(":name"), params.Get(":permission")
	target, err := permission.FindRole(name)
	if err != nil {
		return err
	}
	holders, err := auth.ListUsersWithRole(name)
	if err != nil {
		return err
	}
	// runWithPermSync is defined elsewhere; it is handed the users that
	// currently hold the role, presumably so their effective permissions
	// are resynchronised around the change. TODO confirm.
	return runWithPermSync(holders, func() error {
		return target.RemovePermissions(perm)
	})
}
// addPermissions handles a request to grant permissions to the role named by
// the ":name" URL parameter. The permissions to add are read from the repeated
// "permission" form field. Validation errors from the permission package are
// mapped to HTTP errors: an invalid or unknown permission name becomes 400 and
// a permission that is not allowed becomes 409. Other errors are returned
// unchanged.
func addPermissions(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	// The authorization check runs before the role lookup, so a caller
	// without permission.PermRoleUpdate gets the same error whether or not
	// the role exists.
	if allowed := permission.Check(t, permission.PermRoleUpdate); !allowed {
		return permission.ErrUnauthorized
	}
	name := r.URL.Query().Get(":name")
	target, err := permission.FindRole(name)
	if err != nil {
		return err
	}
	if err = r.ParseForm(); err != nil {
		return err
	}
	holders, err := auth.ListUsersWithRole(name)
	if err != nil {
		return err
	}
	grant := func() error {
		return target.AddPermissions(r.Form["permission"]...)
	}
	err = runWithPermSync(holders, grant)
	// The sentinel is compared by identity first; the remaining cases are
	// distinguished by concrete error type.
	if err == permission.ErrInvalidPermissionName {
		return &errors.HTTP{Code: http.StatusBadRequest, Message: err.Error()}
	}
	switch failure := err.(type) {
	case *permission.ErrPermissionNotFound:
		return &errors.HTTP{Code: http.StatusBadRequest, Message: failure.Error()}
	case *permission.ErrPermissionNotAllowed:
		return &errors.HTTP{Code: http.StatusConflict, Message: failure.Error()}
	}
	return err
}
// title: remove permission
// path: /roles/{name}/permissions/{permission}
// method: DELETE
// responses:
//   200: Permission removed
//   401: Unauthorized
//   404: Not found
func removePermissions(w http.ResponseWriter, r *http.Request, t auth.Token) (err error) {
	// NOTE(review): the ParseForm error is discarded here, so a request whose
	// form fails to parse still proceeds and the event is recorded with
	// whatever r.Form holds. Confirm this best-effort behaviour is intended.
	_ = r.ParseForm()
	if allowed := permission.Check(t, permission.PermRoleUpdatePermissionRemove); !allowed {
		return permission.ErrUnauthorized
	}
	params := r.URL.Query()
	name := params.Get(":name")
	perm := params.Get(":permission")
	// The event records who (Owner) attempted which change (Kind) on which
	// role (Target), together with the submitted form as CustomData.
	opts := &event.Opts{
		Target:     event.Target{Type: event.TargetTypeRole, Value: name},
		Kind:       permission.PermRoleUpdatePermissionRemove,
		Owner:      t,
		CustomData: event.FormToCustomData(r.Form),
		Allowed:    event.Allowed(permission.PermRoleReadEvents),
	}
	audit, err := event.New(opts)
	if err != nil {
		return err
	}
	// err is the named result, so the event is closed with whatever error
	// the handler finally returns (nil on success).
	defer func() { audit.Done(err) }()
	target, err := permission.FindRole(name)
	switch {
	case err == permission.ErrRoleNotFound:
		// An unknown role is reported as 404 rather than a generic error.
		return &errors.HTTP{Code: http.StatusNotFound, Message: err.Error()}
	case err != nil:
		return err
	}
	holders, err := auth.ListUsersWithRole(name)
	if err != nil {
		return err
	}
	return runWithPermSync(holders, func() error {
		return target.RemovePermissions(perm)
	})
}