daddy/internal/graph/workgroup_handler.go
William Petit 3ef495445a Mise en place d'un système de vérification des autorisations côté
serveur

- Création d'un service d'autorisation dynamique basé sur des "voter" (à
  la Symfony)
- Mise en place des autorisations sur les principales queries/mutations
  de l'API GraphQL
2020-09-04 10:10:32 +02:00


package graph
import (
"context"
"forge.cadoles.com/Cadoles/daddy/internal/model"
"github.com/pkg/errors"
errs "github.com/pkg/errors"
)
// handleWorkgroups lists the workgroups matching filter, keeping only those
// the caller is allowed to read (model.ActionRead).
//
// A nil filter, or one with no Ids, selects every workgroup. Workgroups the
// voter denies are dropped from the result rather than causing an error, so
// the returned slice is never nil but may be empty. Any error from the
// database or from the authorization check is returned with a stack trace
// (errs and errors are the same package, github.com/pkg/errors, imported
// twice under two names).
func handleWorkgroups(ctx context.Context, filter *model.WorkgroupsFilter) ([]*model.Workgroup, error) {
	db, err := getDB(ctx)
	if err != nil {
		return nil, errors.WithStack(err)
	}

	// The id restriction is expressed as an "id in (?)" clause plus the Ids
	// slice as its argument; nothing from the filter is concatenated into the
	// query string here (binding is presumably done by the repository).
	criteria := []interface{}{}
	if filter != nil && len(filter.Ids) > 0 {
		criteria = append(criteria, "id in (?)", filter.Ids)
	}

	repo := model.NewWorkgroupRepository(db)

	candidates, err := repo.FindWorkgroups(ctx, criteria...)
	if err != nil {
		return nil, errors.WithStack(err)
	}

	// Authorization is decided per workgroup after the query, so a caller
	// who matched restricted groups simply sees fewer rows.
	visible := make([]*model.Workgroup, 0)
	for _, candidate := range candidates {
		allowed, authErr := isAuthorized(ctx, candidate, model.ActionRead)
		if authErr != nil {
			return nil, errs.WithStack(authErr)
		}

		if !allowed {
			continue
		}

		visible = append(visible, candidate)
	}

	return visible, nil
}
// handleJoinWorkgroup adds the session user to the workgroup identified by
// rawWorkgroupID and returns the workgroup as stored after the change.
//
// The session user is resolved first (so a failed session lookup is reported
// before any workgroup data is read), then the workgroup is loaded and the
// voter is consulted for model.ActionJoin. ErrForbidden is returned when the
// voter denies the action; every error carries a stack trace.
func handleJoinWorkgroup(ctx context.Context, rawWorkgroupID string) (*model.Workgroup, error) {
	sessionUser, db, err := getSessionUser(ctx)
	if err != nil {
		return nil, errors.WithStack(err)
	}

	repo := model.NewWorkgroupRepository(db)

	// NOTE(review): assumes repo.Find reports an unknown ID as an error; a
	// nil workgroup with a nil error would be handed to the voter — confirm.
	target, err := repo.Find(ctx, rawWorkgroupID)
	if err != nil {
		return nil, errors.WithStack(err)
	}

	switch allowed, err := isAuthorized(ctx, target, model.ActionJoin); {
	case err != nil:
		return nil, errs.WithStack(err)
	case !allowed:
		return nil, errs.WithStack(ErrForbidden)
	}

	joined, err := repo.AddUserToWorkgroup(ctx, sessionUser.ID, target.ID)
	if err != nil {
		return nil, errors.WithStack(err)
	}

	return joined, nil
}
// handleLeaveWorkgroup removes the session user from the workgroup identified
// by workgroupID and returns the workgroup as stored after the change.
//
// Mirrors handleJoinWorkgroup: session user first, then the workgroup is
// loaded and the voter is consulted for model.ActionLeave. ErrForbidden is
// returned when the voter denies the action; every error carries a stack
// trace.
func handleLeaveWorkgroup(ctx context.Context, workgroupID string) (*model.Workgroup, error) {
	sessionUser, db, err := getSessionUser(ctx)
	if err != nil {
		return nil, errors.WithStack(err)
	}

	repo := model.NewWorkgroupRepository(db)

	// NOTE(review): assumes repo.Find reports an unknown ID as an error; a
	// nil workgroup with a nil error would be handed to the voter — confirm.
	target, err := repo.Find(ctx, workgroupID)
	if err != nil {
		return nil, errors.WithStack(err)
	}

	switch allowed, err := isAuthorized(ctx, target, model.ActionLeave); {
	case err != nil:
		return nil, errs.WithStack(err)
	case !allowed:
		return nil, errs.WithStack(ErrForbidden)
	}

	left, err := repo.RemoveUserFromWorkgroup(ctx, sessionUser.ID, target.ID)
	if err != nil {
		return nil, errors.WithStack(err)
	}

	return left, nil
}
// handleCreateWorkgroup creates a workgroup from changes and returns it.
//
// The voter is consulted for model.ActionCreate before the database is even
// opened, so a denied caller never reaches the repository. ErrForbidden is
// returned on denial; every error carries a stack trace.
func handleCreateWorkgroup(ctx context.Context, changes model.WorkgroupChanges) (*model.Workgroup, error) {
	// There is no existing workgroup to judge yet, so the voter is asked
	// about a blank one; the decision presumably rests on ctx alone.
	switch allowed, err := isAuthorized(ctx, &model.Workgroup{}, model.ActionCreate); {
	case err != nil:
		return nil, errs.WithStack(err)
	case !allowed:
		return nil, errs.WithStack(ErrForbidden)
	}

	db, err := getDB(ctx)
	if err != nil {
		return nil, errors.WithStack(err)
	}

	created, err := model.NewWorkgroupRepository(db).CreateWorkgroup(ctx, changes)
	if err != nil {
		return nil, errors.WithStack(err)
	}

	return created, nil
}
// handleCloseWorkgroup closes the workgroup identified by workgroupID and
// returns the workgroup as stored after the change.
//
// Unlike join/leave, no session user is resolved here: the workgroup is
// loaded through getDB and whatever identity check applies comes from the
// voter via isAuthorized(ctx, …, model.ActionClose). ErrForbidden is returned
// on denial; every error carries a stack trace.
func handleCloseWorkgroup(ctx context.Context, workgroupID string) (*model.Workgroup, error) {
	db, err := getDB(ctx)
	if err != nil {
		return nil, errors.WithStack(err)
	}

	repo := model.NewWorkgroupRepository(db)

	// NOTE(review): assumes repo.Find reports an unknown ID as an error; a
	// nil workgroup with a nil error would be handed to the voter — confirm.
	target, err := repo.Find(ctx, workgroupID)
	if err != nil {
		return nil, errors.WithStack(err)
	}

	switch allowed, err := isAuthorized(ctx, target, model.ActionClose); {
	case err != nil:
		return nil, errs.WithStack(err)
	case !allowed:
		return nil, errs.WithStack(ErrForbidden)
	}

	closed, err := repo.CloseWorkgroup(ctx, target.ID)
	if err != nil {
		return nil, errors.WithStack(err)
	}

	return closed, nil
}
// handleUpdateWorkgroup applies changes to the workgroup identified by
// workgroupID and returns the workgroup as stored after the change.
//
// The voter is consulted for model.ActionUpdate on the workgroup as it is
// currently stored, before any change is written. As in handleCloseWorkgroup
// no session user is resolved here; identity is the voter's concern via ctx.
// ErrForbidden is returned on denial; every error carries a stack trace.
func handleUpdateWorkgroup(ctx context.Context, workgroupID string, changes model.WorkgroupChanges) (*model.Workgroup, error) {
	db, err := getDB(ctx)
	if err != nil {
		return nil, errors.WithStack(err)
	}

	repo := model.NewWorkgroupRepository(db)

	// NOTE(review): assumes repo.Find reports an unknown ID as an error; a
	// nil workgroup with a nil error would be handed to the voter — confirm.
	current, err := repo.Find(ctx, workgroupID)
	if err != nil {
		return nil, errors.WithStack(err)
	}

	switch allowed, err := isAuthorized(ctx, current, model.ActionUpdate); {
	case err != nil:
		return nil, errs.WithStack(err)
	case !allowed:
		return nil, errs.WithStack(ErrForbidden)
	}

	updated, err := repo.UpdateWorkgroup(ctx, current.ID, changes)
	if err != nil {
		return nil, errors.WithStack(err)
	}

	return updated, nil
}