Refactor GetAccessLevel to include address parameter, update all ACL implementations and handlers for enhanced contextual access control.
@@ -62,7 +62,7 @@ func (l *Listener) HandleEvent(msg []byte) (err error) {
|
||||
return
|
||||
}
|
||||
// check permissions of user
|
||||
accessLevel := acl.Registry.GetAccessLevel(l.authedPubkey.Load())
|
||||
accessLevel := acl.Registry.GetAccessLevel(l.authedPubkey.Load(), l.remote)
|
||||
switch accessLevel {
|
||||
case "none":
|
||||
log.D.F(
|
||||
|
||||
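Review bot: The access decision at `acl.Registry.GetAccessLevel(l.authedPubkey.Load(), l.remote)` now depends on `l.remote`, and nothing visible here shows where that value comes from or what form it takes (bare IP, host:port, a forwarded-header value). If it can be filled from a client-supplied forwarding header rather than the socket peer address, any ACL that keys on it can be steered by the client, so the header should only be honoured when the connection comes from a trusted proxy. The same call appears in the HandleReq hunk, and HandleMessage receives `remote` as a parameter while both handlers read the field, so the logged address and the one used for the ACL can drift apart. Once the source is confirmed, a comment at the call such as `// l.remote is the peer address recorded by the listener, not raw client input` would document the assumption. HandleEvent's body starts and ends outside the hunk.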
@@ -28,16 +28,16 @@ func (l *Listener) HandleMessage(msg []byte, remote string) {
|
||||
if t, rem, err = envelopes.Identify(msg); !chk.E(err) {
|
||||
switch t {
|
||||
case eventenvelope.L:
|
||||
log.D.F("eventenvelope: %s", rem)
|
||||
log.D.F("eventenvelope: %s %s", remote, rem)
|
||||
err = l.HandleEvent(rem)
|
||||
case reqenvelope.L:
|
||||
log.D.F("reqenvelope: %s", rem)
|
||||
log.D.F("reqenvelope: %s %s", remote, rem)
|
||||
err = l.HandleReq(rem)
|
||||
case closeenvelope.L:
|
||||
log.D.F("closeenvelope: %s", rem)
|
||||
log.D.F("closeenvelope: %s %s", remote, rem)
|
||||
err = l.HandleClose(rem)
|
||||
case authenvelope.L:
|
||||
log.D.F("authenvelope: %s", rem)
|
||||
log.D.F("authenvelope: %s %s", remote, rem)
|
||||
err = l.HandleAuth(rem)
|
||||
default:
|
||||
err = errorf.E("unknown envelope type %s\n%s", t, rem)
|
||||
|
||||
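Review bot: The four added `log.D.F("...: %s %s", remote, rem)` lines print `remote` with `%s`. If that string can originate from a request header, it may carry control characters or line breaks that forge or split log entries. `%q` is the safer verb there, for example `log.D.F("eventenvelope: %q %s", remote, rem)`. The `default:` branch's `errorf.E("unknown envelope type %s\n%s", t, rem)` was not given `remote`, although an unrecognised envelope is the case where the peer address is most useful for triage. HandleMessage's body starts and ends outside the hunk.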
@@ -24,9 +24,7 @@ import (
|
||||
"utils.orly/pointers"
|
||||
)
|
||||
|
||||
func (l *Listener) HandleReq(msg []byte) (
|
||||
err error,
|
||||
) {
|
||||
func (l *Listener) HandleReq(msg []byte) (err error) {
|
||||
var rem []byte
|
||||
env := reqenvelope.New()
|
||||
if rem, err = env.Unmarshal(msg); chk.E(err) {
|
||||
@@ -43,7 +41,7 @@ func (l *Listener) HandleReq(msg []byte) (
|
||||
}
|
||||
}
|
||||
// check permissions of user
|
||||
accessLevel := acl.Registry.GetAccessLevel(l.authedPubkey.Load())
|
||||
accessLevel := acl.Registry.GetAccessLevel(l.authedPubkey.Load(), l.remote)
|
||||
switch accessLevel {
|
||||
case "none":
|
||||
if err = okenvelope.NewFrom(
|
||||
|
||||
@@ -28,10 +28,10 @@ func (s *S) Configure(cfg ...any) (err error) {
|
||||
return err
|
||||
}
|
||||
|
||||
func (s *S) GetAccessLevel(pub []byte) (level string) {
|
||||
func (s *S) GetAccessLevel(pub []byte, address string) (level string) {
|
||||
for _, i := range s.ACL {
|
||||
if i.Type() == s.Active.Load() {
|
||||
level = i.GetAccessLevel(pub)
|
||||
level = i.GetAccessLevel(pub, address)
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
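Review bot: When no entry in `s.ACL` matches `s.Active.Load()`, the loop in `S.GetAccessLevel` leaves `level` at its zero value `""`, which is not one of the level strings visible on this page (`"none"`, `"write"`). How the handlers treat an empty level is not visible, so it would be safer to fail closed by setting `level = "none"` before the loop, so a mistyped or unregistered active ACL denies access. The exported method also has no doc comment; `// GetAccessLevel returns the level the active ACL grants to pub connecting from address.` would cover the new parameter. The end of the function is outside the hunk.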
@@ -116,7 +116,7 @@ func (f *Follows) Configure(cfg ...any) (err error) {
|
||||
return
|
||||
}
|
||||
|
||||
func (f *Follows) GetAccessLevel(pub []byte) (level string) {
|
||||
func (f *Follows) GetAccessLevel(pub []byte, address string) (level string) {
|
||||
if f.cfg == nil {
|
||||
return "write"
|
||||
}
|
||||
|
||||
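Review bot: `address` is added to `Follows.GetAccessLevel` but is not used in the visible lines, and the `f.cfg == nil` guard still returns `"write"` for every caller regardless of pubkey or address. Granting write when the ACL has no configuration is fail-open; unless that is intended for bootstrap, `return "none"` is the safer default for that branch. If the rest of the body (outside this hunk) does not consult `address` either, a comment such as `// address is ignored by the follows ACL` would stop readers assuming this implementation filters by address.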
@@ -8,7 +8,7 @@ type None struct{}
|
||||
|
||||
func (n None) Configure(cfg ...any) (err error) { return }
|
||||
|
||||
func (n None) GetAccessLevel(pub []byte) (level string) {
|
||||
func (n None) GetAccessLevel(pub []byte, address string) (level string) {
|
||||
return "write"
|
||||
}
|
||||
|
||||
|
||||
@@ -22,7 +22,7 @@ const (
|
||||
type I interface {
|
||||
Configure(cfg ...any) (err error)
|
||||
// GetAccessLevel returns the access level string for a given pubkey.
|
||||
GetAccessLevel(pub []byte) (level string)
|
||||
GetAccessLevel(pub []byte, address string) (level string)
|
||||
// GetACLInfo returns the name and a description of the ACL, which should
|
||||
// explain briefly how it works, and then a long text of documentation of
|
||||
// the ACL's rules and configuration (in asciidoc or markdown).
|
||||
|
||||
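Review bot: The doc comment above `GetAccessLevel(pub []byte, address string)` still reads "for a given pubkey" and says nothing about the new parameter. Implementers need to know the format of `address` (bare IP or host:port), whether it may be empty, and whether it is the socket peer or a proxy-reported value, because an ACL that trusts it is only as sound as its source. Something like `// GetAccessLevel returns the access level string for pub connecting from address (the remote address recorded by the listener).` would do, with the exact format filled in. Listing the valid level strings here would also help, since the handlers and implementations use literals such as `"none"` and `"write"`.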