GraphQL API and utilities for the rpdata project
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 

53 lines
1.3 KiB

package auth
import (
"context"
"reflect"
"git.aiterp.net/rpdata/api/models"
)
// CheckPermission does some magic.
func CheckPermission(ctx context.Context, op string, obj interface{}) error {
token := TokenFromContext(ctx)
if token == nil {
return ErrUnauthenticated
}
if reflect.TypeOf(obj).Kind() != reflect.Ptr {
return CheckPermission(ctx, op, &obj)
}
var authorized = false
switch v := obj.(type) {
case *models.Channel:
authorized = token.Permitted("channel." + op)
case *models.Character:
authorized = token.PermittedUser(v.Author, "member", "character."+op)
case *models.Chapter:
authorized = token.PermittedUser(v.Author, "member", "chapter."+op)
case *models.Comment:
if op == "add" && v.Author != token.UserID {
return ErrInvalidOperation
}
authorized = token.PermittedUser(v.Author, "member", "comment."+op)
case *models.File:
authorized = token.PermittedUser(v.Author, "member", "file."+op)
case *models.Log:
authorized = token.Permitted("log." + op)
case *models.Post:
authorized = token.Permitted("post." + op)
case *models.Story:
authorized = token.PermittedUser(v.Author, "member", "story."+op)
case *models.User:
authorized = token.Permitted("user." + op)
}
if !authorized {
return ErrUnauthorized
}
return nil
}