package webui
import (
"context"
"fmt"
"github.com/google/uuid"
"github.com/lestrrat-go/jwx/v2/jwt/openid"
)
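// getTokenGroupIDs extracts the "authentricity.groups" claim from tok as a
// list of group ID strings.
//
// It returns (nil, nil) when the claim is absent. It returns an error when the
// claim is present but is not a JSON array, or when any array element is not a
// string; callers should then treat the token as carrying no usable group
// membership rather than matching on the entries that did parse.
func getTokenGroupIDs(tok openid.Token) ([]string, error) {
	groupsIfc, ok := tok.Get("authentricity.groups")
	if !ok {
		return nil, nil
	}

	groups, ok := groupsIfc.([]interface{})
	if !ok {
		// Report the raw claim value: after a failed assertion `groups` is nil,
		// so formatting it would hide what the token actually contained.
		return nil, fmt.Errorf("Groups element of token of invalid type: %+v", groupsIfc)
	}

	groupsStr := make([]string, len(groups))
	for i, g := range groups {
		gs, ok := g.(string)
		if !ok {
			return nil, fmt.Errorf("Group entry of incorrect type: %+v", g)
		}
		groupsStr[i] = gs
	}

	return groupsStr, nil
}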
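// isInGroup reports whether the token attached to ctx lists id in its
// "authentricity.groups" claim.
//
// It fails closed: a missing token, an absent claim, or a claim that does not
// parse as a list of strings all yield false.
func (s *Service) isInGroup(ctx context.Context, id uuid.UUID) bool {
	tok := getUserToken(ctx)
	if tok == nil {
		// NOTE(review): getUserToken's behaviour for a request without a token
		// is not visible here; a nil interface must not reach tok.Get and
		// panic inside an authorization check.
		return false
	}

	// Reuse the single claim parser so this check and getTokenGroupIDs cannot
	// disagree about the claim's shape. A claim containing a non-string entry
	// is rejected as a whole instead of being partially matched.
	groups, err := getTokenGroupIDs(tok)
	if err != nil {
		return false
	}

	gid := id.String()
	for _, g := range groups {
		if g == gid {
			return true
		}
	}
	return false
}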
// isAdmin reports whether the token attached to ctx is a member of the
// service's configured admin group (s.adminGroup).
func (s *Service) isAdmin(ctx context.Context) bool {
	adminGroup := s.adminGroup
	return s.isInGroup(ctx, adminGroup)
}
// canEditEntity reports whether the caller identified by the token in ctx may
// edit the entity with the given id: either the token's subject is the entity
// itself, or the caller is an admin. The subject comparison runs first, so the
// admin group lookup only happens for non-owners.
func (s *Service) canEditEntity(ctx context.Context, id uuid.UUID) bool {
	subject := getUserToken(ctx).Subject()
	if subject == id.String() {
		return true
	}
	return s.isAdmin(ctx)
}