package user
import (
"encoding/json"
"io/ioutil"
"log"
"github.com/bouncepaw/mycorrhiza/util"
)
// FixedUserStorage holds the users decoded from the fixed credentials file.
type FixedUserStorage struct {
	// Users is the list filled by PopulateFixedUserStorage. Every entry keeps
	// the Password value exactly as it was decoded from JSON.
	Users []*User
}

// UserStorage is the package-wide store of fixed users. It starts empty and
// is filled by PopulateFixedUserStorage.
var UserStorage FixedUserStorage
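// PopulateFixedUserStorage reads the JSON file at util.FixedCredentialsPath,
// decodes it into UserStorage.Users and resolves every user's GroupString
// into its UserGroup.
//
// The process is terminated through the log package when the file cannot be
// read, when it does not decode as a JSON list of users, when the list holds
// a null entry, or (inside groupFromString) when a group name is unknown.
// Only the number of users is logged, never names or passwords.
//
// NOTE(review): passwords stay in memory exactly as written in the file;
// nothing in this function hashes them or checks the file's permissions, so
// the credentials file should be readable only by the account that runs the
// program. Confirm how the login code compares them.
func PopulateFixedUserStorage() {
	contents, err := ioutil.ReadFile(util.FixedCredentialsPath)
	if err != nil {
		log.Fatal(err)
	}
	if err := json.Unmarshal(contents, &UserStorage.Users); err != nil {
		log.Fatal(err)
	}
	for i, user := range UserStorage.Users {
		// A JSON null inside the array decodes to a nil *User. Stop with a
		// clear message instead of a nil-pointer panic on the assignment.
		if user == nil {
			log.Fatalf("fixed credentials: entry %d is null", i)
		}
		user.Group = groupFromString(user.GroupString)
	}
	log.Println("Found", len(UserStorage.Users), "fixed users")
}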
// AuthUsed reports whether a method of authentication is in use. Nothing in
// this file sets it; the caller is expected to do so. While it is false,
// UserGroup.CanAccessRoute allows every route.
var AuthUsed bool

// User is a user account. PopulateFixedUserStorage decodes values of this
// type from JSON.
type User struct {
	// Name is the username. It must follow hypha naming rules.
	Name string `json:"name"`
	// Group is the group the user belongs to. It is excluded from JSON and
	// is derived from GroupString by PopulateFixedUserStorage.
	Group UserGroup `json:"-"`
	// GroupString is the group name found under the "group" JSON key.
	GroupString string `json:"group"`
	// Password is the value of the "password" JSON key, kept as decoded.
	// NOTE(review): the same tag makes json.Marshal write the password out;
	// confirm that no handler serialises this struct into a response or log.
	Password string `json:"password"`
}
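// groupFromString maps a group name to its UserGroup. The match is exact and
// case-sensitive: only "admin", "moderator", "trusted" and "editor" are
// accepted.
//
// Any other name terminates the process rather than falling back to some
// default group, so a typo in the credentials file cannot silently grant or
// remove rights.
func groupFromString(s string) UserGroup {
	switch s {
	case "admin":
		return UserAdmin
	case "moderator":
		return UserModerator
	case "trusted":
		return UserTrusted
	case "editor":
		return UserEditor
	}
	// log.Fatal concatenates two string operands without a space, which ran
	// the group name into the message. %q separates it and makes empty or
	// whitespace-only names visible in the log.
	log.Fatalf("Unknown user group %q", s)
	// Not reached, because log.Fatalf exits; the compiler requires a return.
	return UserAnon
}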
// UserGroup represents a group that a user is part of. The constants below
// are declared in ascending order of privilege, and CanAccessRoute relies on
// that order when it compares groups with >=.
type UserGroup int

const (
	// UserAnon is the default user group which all unauthorized visitors have.
	UserAnon UserGroup = iota
	// UserEditor is a user who can edit and upload stuff.
	UserEditor
	// UserTrusted is a trusted editor who can also rename stuff.
	UserTrusted
	// UserModerator is a moderator who can also delete stuff.
	UserModerator
	// UserAdmin can do everything.
	UserAdmin
)

// minimalRights maps a route name to the lowest group allowed to use it.
// A route that is not listed here is not restricted by CanAccessRoute, so a
// new privileged route has to be added to this table to be protected.
var minimalRights = map[string]UserGroup{
	// Editing and uploading.
	"edit":          UserEditor,
	"upload-binary": UserEditor,
	"upload-text":   UserEditor,

	// Renaming.
	"rename-ask":     UserTrusted,
	"rename-confirm": UserTrusted,

	// Deleting.
	"delete-ask":     UserModerator,
	"delete-confirm": UserModerator,

	// Administration.
	"reindex": UserAdmin,
}
// CanAccessRoute reports whether a member of group ug may use route.
//
// The check allows access in two cases that callers should keep in mind:
// when AuthUsed is false every route is allowed for every group, and a route
// that has no entry in minimalRights is allowed for every group as well.
// Only routes listed in minimalRights are compared against ug.
func (ug UserGroup) CanAccessRoute(route string) bool {
	if !AuthUsed {
		return true
	}
	required, restricted := minimalRights[route]
	return !restricted || ug >= required
}