Refactor GetAccessLevel to include address parameter, update all ACL implementations and handlers for enhanced contextual access control.
@@ -62,7 +62,7 @@ func (l *Listener) HandleEvent(msg []byte) (err error) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
// check permissions of user
|
// check permissions of user
|
||||||
accessLevel := acl.Registry.GetAccessLevel(l.authedPubkey.Load())
|
accessLevel := acl.Registry.GetAccessLevel(l.authedPubkey.Load(), l.remote)
|
||||||
switch accessLevel {
|
switch accessLevel {
|
||||||
case "none":
|
case "none":
|
||||||
log.D.F(
|
log.D.F(
|
||||||
|
|||||||
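Review bot: `l.remote` now feeds the permission check in `acl.Registry.GetAccessLevel(l.authedPubkey.Load(), l.remote)`, but nothing in this hunk shows where that field is set or whether it is the verified peer address. If it can be filled from a client-supplied forwarding header without a trusted-proxy check, a client could choose the address an address-aware ACL sees. I would pin the expectation next to the call, e.g. `// l.remote must be the verified peer address, never a client-controlled header value; ACLs may grant access based on it`. The same applies to the identical call in HandleReq. HandleEvent starts and ends outside this hunk, so how the non-"none" levels are handled cannot be checked here.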
@@ -28,16 +28,16 @@ func (l *Listener) HandleMessage(msg []byte, remote string) {
|
|||||||
if t, rem, err = envelopes.Identify(msg); !chk.E(err) {
|
if t, rem, err = envelopes.Identify(msg); !chk.E(err) {
|
||||||
switch t {
|
switch t {
|
||||||
case eventenvelope.L:
|
case eventenvelope.L:
|
||||||
log.D.F("eventenvelope: %s", rem)
|
log.D.F("eventenvelope: %s %s", remote, rem)
|
||||||
err = l.HandleEvent(rem)
|
err = l.HandleEvent(rem)
|
||||||
case reqenvelope.L:
|
case reqenvelope.L:
|
||||||
log.D.F("reqenvelope: %s", rem)
|
log.D.F("reqenvelope: %s %s", remote, rem)
|
||||||
err = l.HandleReq(rem)
|
err = l.HandleReq(rem)
|
||||||
case closeenvelope.L:
|
case closeenvelope.L:
|
||||||
log.D.F("closeenvelope: %s", rem)
|
log.D.F("closeenvelope: %s %s", remote, rem)
|
||||||
err = l.HandleClose(rem)
|
err = l.HandleClose(rem)
|
||||||
case authenvelope.L:
|
case authenvelope.L:
|
||||||
log.D.F("authenvelope: %s", rem)
|
log.D.F("authenvelope: %s %s", remote, rem)
|
||||||
err = l.HandleAuth(rem)
|
err = l.HandleAuth(rem)
|
||||||
default:
|
default:
|
||||||
err = errorf.E("unknown envelope type %s\n%s", t, rem)
|
err = errorf.E("unknown envelope type %s\n%s", t, rem)
|
||||||
|
|||||||
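Review bot: The new debug lines print the `remote` parameter, while the access checks in HandleEvent and HandleReq read `l.remote`, so the address in the log and the address the ACL evaluated come from two different places. If they can ever differ, the log stops being usable as evidence for an access decision. Logging `l.remote` here, or dropping the parameter, would keep one source of truth. Separately, `rem` is raw client bytes formatted with `%s`; `log.D.F("eventenvelope: %s %q", remote, rem)` (and likewise in the other three cases) would keep embedded newlines or control characters from forging log lines. HandleMessage continues outside the hunk.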
@@ -24,9 +24,7 @@ import (
|
|||||||
"utils.orly/pointers"
|
"utils.orly/pointers"
|
||||||
)
|
)
|
||||||
|
|
||||||
func (l *Listener) HandleReq(msg []byte) (
|
func (l *Listener) HandleReq(msg []byte) (err error) {
|
||||||
err error,
|
|
||||||
) {
|
|
||||||
var rem []byte
|
var rem []byte
|
||||||
env := reqenvelope.New()
|
env := reqenvelope.New()
|
||||||
if rem, err = env.Unmarshal(msg); chk.E(err) {
|
if rem, err = env.Unmarshal(msg); chk.E(err) {
|
||||||
@@ -43,7 +41,7 @@ func (l *Listener) HandleReq(msg []byte) (
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
// check permissions of user
|
// check permissions of user
|
||||||
accessLevel := acl.Registry.GetAccessLevel(l.authedPubkey.Load())
|
accessLevel := acl.Registry.GetAccessLevel(l.authedPubkey.Load(), l.remote)
|
||||||
switch accessLevel {
|
switch accessLevel {
|
||||||
case "none":
|
case "none":
|
||||||
if err = okenvelope.NewFrom(
|
if err = okenvelope.NewFrom(
|
||||||
|
|||||||
@@ -28,10 +28,10 @@ func (s *S) Configure(cfg ...any) (err error) {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *S) GetAccessLevel(pub []byte) (level string) {
|
func (s *S) GetAccessLevel(pub []byte, address string) (level string) {
|
||||||
for _, i := range s.ACL {
|
for _, i := range s.ACL {
|
||||||
if i.Type() == s.Active.Load() {
|
if i.Type() == s.Active.Load() {
|
||||||
level = i.GetAccessLevel(pub)
|
level = i.GetAccessLevel(pub, address)
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
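Review bot: When no entry in `s.ACL` has a `Type()` equal to `s.Active.Load()`, the loop falls through and the named result `level` keeps its zero value `""`. The callers visible on this page switch on `"none"` for denial, and what they do with an empty string is not shown. Setting `level = "none"` before the loop would make a misconfigured or unknown active ACL fail closed; otherwise a comment stating that callers treat `""` as no access would be worth adding. The end of the function is outside the hunk.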
@@ -116,7 +116,7 @@ func (f *Follows) Configure(cfg ...any) (err error) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
func (f *Follows) GetAccessLevel(pub []byte) (level string) {
|
func (f *Follows) GetAccessLevel(pub []byte, address string) (level string) {
|
||||||
if f.cfg == nil {
|
if f.cfg == nil {
|
||||||
return "write"
|
return "write"
|
||||||
}
|
}
|
||||||
|
|||||||
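Review bot: The `f.cfg == nil` guard still returns `"write"` to every caller, so an unconfigured Follows ACL grants write access regardless of the pubkey or the new `address` argument. If that is deliberate for bootstrap, a comment such as `// no config loaded yet: relay is open for writes until Configure succeeds` would make the fail-open behaviour explicit. If it is not, `return "none"` is the safer default. The rest of the body is outside the hunk, so whether `address` is used at all in this implementation cannot be seen here.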
@@ -8,7 +8,7 @@ type None struct{}
|
|||||||
|
|
||||||
func (n None) Configure(cfg ...any) (err error) { return }
|
func (n None) Configure(cfg ...any) (err error) { return }
|
||||||
|
|
||||||
func (n None) GetAccessLevel(pub []byte) (level string) {
|
func (n None) GetAccessLevel(pub []byte, address string) (level string) {
|
||||||
return "write"
|
return "write"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -22,7 +22,7 @@ const (
|
|||||||
type I interface {
|
type I interface {
|
||||||
Configure(cfg ...any) (err error)
|
Configure(cfg ...any) (err error)
|
||||||
// GetAccessLevel returns the access level string for a given pubkey.
|
// GetAccessLevel returns the access level string for a given pubkey.
|
||||||
GetAccessLevel(pub []byte) (level string)
|
GetAccessLevel(pub []byte, address string) (level string)
|
||||||
// GetACLInfo returns the name and a description of the ACL, which should
|
// GetACLInfo returns the name and a description of the ACL, which should
|
||||||
// explain briefly how it works, and then a long text of documentation of
|
// explain briefly how it works, and then a long text of documentation of
|
||||||
// the ACL's rules and configuration (in asciidoc or markdown).
|
// the ACL's rules and configuration (in asciidoc or markdown).
|
||||||
|
|||||||
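Review bot: The doc comment on `GetAccessLevel` still describes only the pubkey, although the method now takes `address string` and every implementer has to decide what to do with it. I would extend it to something like `// GetAccessLevel returns the access level string for a given pubkey and the remote address of the connection the request arrived on.` It should also state the expected format of `address` (bare IP or host:port) and whether implementations may treat it as authenticated. Without that, ACL implementations are likely to parse and trust the value inconsistently. The interface body continues outside the hunk.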