func GetExisting(r *http.Request) (u *User, err error) {
s, err := session.GetExisting(r)
if err != nil {
return nil, err
}
u = new(User)
u.ID = s.Get("openid-email")
err = u.Load()
return
}
// Basic function that retrieves the permissions a user has based on the contents of their request, including cookies and request path. Designed to be a simple function for most uses. If you want more control, you can use the GetGroupPerms and GetUserPerms functions.
func Get(r *http.Request) (p *Permissions, err error) {
p = new(Permissions)
s, err := session.GetExisting(r)
if err != nil {
p.Authenticated = false
return
}
p.Authenticated = true
// Current authentication is based on e-mail. Might change this?
uname := s.Get("openid-email")
fmt.Println("Getting permissions for", uname)
uperms, err := GetUserPerms(uname, r.URL.Path)
if err != nil {
return nil, err
}
if uperms == nil {
p.Recognized = false
return
}
p.Write = uperms.Write
p.Read = uperms.Read
fmt.Println("Grabbed permissions for user")
groups, err := loadGroups(uname)
if err != nil {
return nil, err
}
for _, group := range groups {
gperms, err := GetGroupPerms(group, r.URL.Path)
if err != nil {
return nil, err
}
if gperms == nil {
continue
}
// Use the most permissive interpretation of the permissions. If a group is allowed to access something, so should all the users in the group.
if !uperms.Read {
if gperms.Read {
p.Read = true
}
}
if !uperms.Write {
if gperms.Write {
p.Write = true
}
}
}
return
}
