// Copyright 2012 The AEGo Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package user
import (
"errors"
"github.com/gaego/context"
"github.com/gaego/session"
"net/http"
)
// ErrRoleAlreadyAdded is returned by AddRole when the user already holds the
// requested role.
var ErrRoleAlreadyAdded = errors.New("user: role already added")
// AddRole appends role to the User's Roles. It returns ErrRoleAlreadyAdded,
// leaving Roles untouched, when HasRole reports the role is already present.
// Only the Roles slice on u is changed here; nothing is saved by this method.
func (u *User) AddRole(role string) error {
	if !u.HasRole(role) {
		u.Roles = append(u.Roles, role)
		return nil
	}
	return ErrRoleAlreadyAdded
}
// HasRole reports whether role is present in the User's Roles. The comparison
// is an exact string match.
func (u *User) HasRole(role string) bool {
	for i := range u.Roles {
		if u.Roles[i] == role {
			return true
		}
	}
	return false
}
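// CurrentUserHasRole reports whether the current user has role.
//
// The session is consulted first to save on lookups. On a miss the user is
// loaded with Current and checked with HasRole, and a positive result is
// cached in the session through CurrentUserSetRole. Every error path returns
// false, so the check fails closed.
//
// NOTE(review): a role cached as true in the session is honoured without
// re-checking the stored user, so removing a role from the user does not take
// effect for a session that already holds the cached value.
func CurrentUserHasRole(w http.ResponseWriter, r *http.Request, role string) bool {
	// Confirm we have a user. An empty ID or an error is treated as "no
	// current user". The previous condition was `id != ""`, which returned
	// false for every request that carried a user ID and let requests without
	// one continue to the session check.
	if id, err := CurrentUserID(r); id == "" || err != nil {
		return false
	}
	c := context.NewContext(r)
	store, err := session.GetStore(c)
	if err != nil {
		c.Criticalf("user: There was an error retrieving the session store Error: %v", err)
		return false
	}
	// 1st check the session.
	// NOTE(review): this reads the "user|roles" session, while
	// CurrentUserSetRole writes to the "user" session. Unless the store maps
	// both names to the same session, the cached value is never found here.
	// Confirm which name is intended.
	s, err := store.Get(r, "user|roles")
	if err != nil {
		c.Criticalf("user: There was an error retrieving the session Error: %v", err)
		return false
	}
	if s.Values[role] == true {
		return true
	}
	// 2nd check the datastore-backed user.
	u, err := Current(r)
	if err != nil {
		return false
	}
	if !u.HasRole(role) {
		return false
	}
	// Set the role to true in the session to avoid this lookup in the future.
	// A failed cache write is reported as "no role" rather than granted.
	if err = CurrentUserSetRole(w, r, role, true); err != nil {
		return false
	}
	return true
}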
// CurrentUserSetRole records value for role in the "user" session and saves
// that session. It is a session-level cache to save on lookups; it does not
// modify the User's Roles.
//
// The function performs no authorization of its own: whatever role and value
// the caller passes are written to the session, so callers are expected to
// have verified the role before calling it.
//
// NOTE(review): CurrentUserHasRole reads the "user|roles" session, not
// "user". Confirm the two names are meant to differ.
func CurrentUserSetRole(w http.ResponseWriter, r *http.Request, role string,
	value bool) (err error) {
	ctx := context.NewContext(r)

	st, err := session.GetStore(ctx)
	if err != nil {
		ctx.Criticalf("user: There was an error retrieving the session store Error: %v", err)
		return err
	}

	sess, err := st.Get(r, "user")
	if err != nil {
		ctx.Criticalf("user: There was an error retrieving the session Error: %v", err)
		return err
	}

	// If the user is already an admin then there's no need to
	// re-add that role.
	// if !user.CurrentUserHasRole(w, r, "admin") {
	// u.AddRole("admin")
	// }
	sess.Values[role] = value
	return sess.Save(r, w)
}