William Petit
3ef495445a
serveur - Création d'un service d'autorisation dynamique basé sur des "voter" (à la Symfony) - Mise en place des autorisations sur les principales queries/mutations de l'API GraphQL
55 lines
962 B
Go
55 lines
962 B
Go
package model
|
|
|
|
import (
|
|
"context"
|
|
|
|
"forge.cadoles.com/Cadoles/daddy/internal/voter"
|
|
)
|
|
|
|
type WorkgroupVoter struct {
|
|
}
|
|
|
|
func (v *WorkgroupVoter) Vote(ctx context.Context, subject interface{}, obj interface{}, act interface{}) (voter.Decision, error) {
|
|
user, ok := subject.(*User)
|
|
if !ok {
|
|
return voter.Abstain, nil
|
|
}
|
|
|
|
workgroup, ok := obj.(*Workgroup)
|
|
if !ok {
|
|
return voter.Abstain, nil
|
|
}
|
|
|
|
action, ok := act.(Action)
|
|
if !ok {
|
|
return voter.Abstain, nil
|
|
}
|
|
|
|
switch action {
|
|
case ActionCreate:
|
|
return voter.Allow, nil
|
|
case ActionRead:
|
|
return voter.Allow, nil
|
|
case ActionJoin:
|
|
return voter.Allow, nil
|
|
case ActionLeave:
|
|
fallthrough
|
|
case ActionUpdate:
|
|
fallthrough
|
|
case ActionClose:
|
|
if inWorkgroup(user, workgroup) {
|
|
return voter.Allow, nil
|
|
} else {
|
|
return voter.Deny, nil
|
|
}
|
|
case ActionDelete:
|
|
return voter.Deny, nil
|
|
}
|
|
|
|
return voter.Abstain, nil
|
|
}
|
|
|
|
func NewWorkgroupVoter() *WorkgroupVoter {
|
|
return &WorkgroupVoter{}
|
|
}
|