package auth
import (
"github.com/gin-gonic/gin"
"kumoly.io/kumoly/app/errors"
)
// Built-in group names checked by the access-control helpers in this
// package. Every name is SYS_AUTH_PREFIX followed by a role word.
//
// NOTE(review): presumably the prefix exists to keep built-in groups apart
// from ordinary ones; if so, whatever creates or assigns groups must refuse
// names that start with it. Confirm against the group-management code.
const (
	// SYS_AUTH_PREFIX is prepended to every built-in group name.
	SYS_AUTH_PREFIX = "*"

	// SYSTEM is the built-in system group, "*system".
	SYSTEM = SYS_AUTH_PREFIX + "system"

	// ADMIN is the built-in admin group, "*admin".
	ADMIN = SYS_AUTH_PREFIX + "admin"

	// USER is the built-in user group, "*user".
	USER = SYS_AUTH_PREFIX + "user"
)
// ACHas reports whether the claims attached to c satisfy HasGroup for the
// given groups. It fails closed: when GetContextClaims returns an error the
// result is false and the error is discarded.
//
// NOTE(review): the result for an empty grps list depends on HasGroup, which
// is defined elsewhere; confirm it does not grant access when no group is
// named.
func ACHas(c *gin.Context, grps ...string) bool {
	if claims, err := GetContextClaims(c); err == nil {
		return claims.HasGroup(grps...)
	}
	return false
}
// ACMust returns a gin middleware that lets the request continue only when
// the claims attached to the context satisfy HasGroup for grps.
//
// The middleware never writes a response itself. It panics with the lookup
// error when GetContextClaims fails, and with errors.ErrorForbidden when the
// group check fails; c.Next is called only after both checks pass.
//
// NOTE(review): this relies on a recovery handler earlier in the chain to
// turn the panic into an HTTP response. Confirm one is registered ahead of
// every route that uses ACMust, and that it does not echo the claims lookup
// error back to the client.
func ACMust(grps ...string) func(c *gin.Context) {
	return func(c *gin.Context) {
		claims, err := GetContextClaims(c)
		if err != nil {
			panic(err)
		}
		// Guard clause: reject before any later handler can run.
		if !claims.HasGroup(grps...) {
			panic(errors.ErrorForbidden)
		}
		c.Next()
	}
}
// ACSystem returns the ACMust middleware for the SYSTEM group only.
func ACSystem() func(c *gin.Context) {
	guard := ACMust(SYSTEM)
	return guard
}
// ACAdmin returns the ACMust middleware for the SYSTEM and ADMIN groups.
//
// NOTE(review): presumably HasGroup accepts a caller who belongs to any one
// of the listed groups, so SYSTEM members also pass the admin gate. Confirm
// against HasGroup; an all-of match would make this gate stricter than the
// name suggests.
func ACAdmin() func(c *gin.Context) {
	guard := ACMust(SYSTEM, ADMIN)
	return guard
}
// ACUser returns the ACMust middleware for the SYSTEM, ADMIN and USER
// groups.
//
// NOTE(review): presumably HasGroup accepts a caller who belongs to any one
// of the listed groups, so SYSTEM and ADMIN members also pass the user gate.
// Confirm against HasGroup.
func ACUser() func(c *gin.Context) {
	guard := ACMust(SYSTEM, ADMIN, USER)
	return guard
}