package auth import ( "github.com/gin-gonic/gin" "kumoly.io/kumoly/app/errors" ) const ( SYS_AUTH_PREFIX = "*" SYSTEM = SYS_AUTH_PREFIX + "system" ADMIN = SYS_AUTH_PREFIX + "admin" USER = SYS_AUTH_PREFIX + "user" ) // ACHas access control has returns if the user is in group func ACHas(c *gin.Context, grps ...string) bool { cliams, err := GetContextClaims(c) if err != nil { return false } return cliams.HasGroup(grps...) } // ACMust access control as middleware, panics if not in group func ACMust(grps ...string) func(c *gin.Context) { return func(c *gin.Context) { cliams, err := GetContextClaims(c) if err != nil { panic(err) } if cliams.HasGroup(grps...) { c.Next() } else { panic(errors.ErrorForbidden) } } } // ACSystem shorthand for ACMust(SYSTEM) func ACSystem() func(c *gin.Context) { return ACMust(SYSTEM) } // ACAdmin shorthand for ACMust(ADMIN) func ACAdmin() func(c *gin.Context) { return ACMust(SYSTEM, ADMIN) } // ACUser shorthand for ACMust(USER) func ACUser() func(c *gin.Context) { return ACMust(SYSTEM, ADMIN, USER) }