Add permissions helper functions
This commit is contained in:
parent
d599ecc3bd
commit
625d777a8b
1 changed files with 118 additions and 0 deletions
118
helpers/permissions.go
Normal file
118
helpers/permissions.go
Normal file
|
|
@ -0,0 +1,118 @@
|
|||
package helpers
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"git.readonly.ch/bouzoure/pop-camarades/models"
|
||||
)
|
||||
|
||||
var Permissions = []string{
|
||||
// Members
|
||||
"show_member",
|
||||
"create_member",
|
||||
"edit_member",
|
||||
"show_archived_member",
|
||||
"archive_member",
|
||||
"restore_member",
|
||||
"purge_member",
|
||||
"convert_member_to_contact",
|
||||
// Contacts
|
||||
"show_contact",
|
||||
"create_contact",
|
||||
"edit_contact",
|
||||
"show_archived_contact",
|
||||
"archive_contact",
|
||||
"restore_contact",
|
||||
"purge_contact",
|
||||
"convert_contact_to_member",
|
||||
}
|
||||
|
||||
func PermissionsGetSections(userid uint, permission string) ([]uint, error) {
|
||||
var sections []uint
|
||||
|
||||
found := false
|
||||
for _, item := range Permissions {
|
||||
if item == permission {
|
||||
found = true
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
if !found {
|
||||
return sections, fmt.Errorf("unknown permission")
|
||||
}
|
||||
|
||||
db, err := GetDatabase()
|
||||
if err != nil {
|
||||
return sections, err
|
||||
}
|
||||
|
||||
var user models.User
|
||||
result := db.Find(&user, "id = ?", userid)
|
||||
|
||||
if result.RowsAffected < 1 {
|
||||
return sections, nil
|
||||
}
|
||||
|
||||
if user.IsAdmin {
|
||||
var allSections []models.Section
|
||||
db.Find(&allSections)
|
||||
|
||||
for _, s := range allSections {
|
||||
sections = append(sections, s.ID)
|
||||
}
|
||||
|
||||
return sections, nil
|
||||
}
|
||||
|
||||
var userRoles []models.UserRole
|
||||
result = db.Joins(
|
||||
"Role",
|
||||
).Find(
|
||||
&userRoles,
|
||||
fmt.Sprintf(
|
||||
"user_id = ? AND Role__%s = ?",
|
||||
permission,
|
||||
),
|
||||
userid,
|
||||
true,
|
||||
)
|
||||
|
||||
if result.RowsAffected < 1 {
|
||||
return sections, nil
|
||||
}
|
||||
|
||||
for _, userRole := range userRoles {
|
||||
sections = append(sections, userRole.SectionID)
|
||||
|
||||
var childSections []models.Section
|
||||
db.Find(
|
||||
&childSections,
|
||||
"parent_section_id = ?",
|
||||
userRole.SectionID,
|
||||
)
|
||||
|
||||
for _, childSection := range childSections {
|
||||
sections = append(sections, childSection.ID)
|
||||
}
|
||||
}
|
||||
|
||||
return sections, nil
|
||||
}
|
||||
|
||||
func PermissionsCheckSection(userid uint, permission string, section uint) (bool, error) {
|
||||
sections, err := PermissionsGetSections(userid, permission)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
allow := false
|
||||
for _, s := range sections {
|
||||
if s == section {
|
||||
allow = true
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
return allow, nil
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue