mirror of
https://code.sup39.dev/repos/Wqawg
synced 2024-12-28 23:14:51 +09:00
Use getBy404 in isAuthorized when it's the right thing
This commit is contained in:
fr33domlover
parent
23c06c535a
commit
d6967f52d9
1 changed files with 27 additions and 36 deletions
|
|
@ -192,12 +192,11 @@ instance Yesod App where
|
|||
else Unauthorized "No access to this operation"
|
||||
|
||||
groupRole :: (GroupRole -> Bool) -> ShrIdent -> Handler AuthResult
|
||||
groupRole role grp = personAnd $ \ (Entity pid _p) -> do
|
||||
mrole <- runDB $ runMaybeT $ do
|
||||
Entity sid _s <- MaybeT $ getBy $ UniqueSharer grp
|
||||
Entity gid _g <- MaybeT $ getBy $ UniqueGroup sid
|
||||
Entity _mid m <- MaybeT $ getBy $ UniqueGroupMember pid gid
|
||||
return $ groupMemberRole m
|
||||
groupRole role grp = personAnd $ \ (Entity pid _p) -> runDB $ do
|
||||
Entity sid _s <- getBy404 $ UniqueSharer grp
|
||||
Entity gid _g <- getBy404 $ UniqueGroup sid
|
||||
mem <- getBy $ UniqueGroupMember pid gid
|
||||
let mrole = groupMemberRole . entityVal <$> mem
|
||||
return $ case mrole of
|
||||
Nothing -> Unauthorized "Not a member of the group"
|
||||
Just r ->
|
||||
|
|
@ -210,37 +209,29 @@ instance Yesod App where
|
|||
|
||||
personOrGroupAdmin :: ShrIdent -> Handler AuthResult
|
||||
personOrGroupAdmin shr = personAnd $ \ (Entity vpid _vp) -> runDB $ do
|
||||
mes <- getBy $ UniqueSharer shr
|
||||
case mes of
|
||||
Nothing -> return $ Unauthorized "No such sharer"
|
||||
Just (Entity sid _) -> do
|
||||
mep <- getBy $ UniquePersonIdent sid
|
||||
case mep of
|
||||
Just (Entity pid _p) ->
|
||||
return $ if pid == vpid
|
||||
then Authorized
|
||||
else
|
||||
Unauthorized
|
||||
"Can’t access other people’s roles"
|
||||
Entity sid _ <- getBy404 $ UniqueSharer shr
|
||||
mep <- getBy $ UniquePersonIdent sid
|
||||
case mep of
|
||||
Just (Entity pid _p) ->
|
||||
return $ if pid == vpid
|
||||
then Authorized
|
||||
else Unauthorized "Can’t access other people’s roles"
|
||||
Nothing -> do
|
||||
meg <- getBy $ UniqueGroup sid
|
||||
case meg of
|
||||
Nothing -> do
|
||||
meg <- getBy $ UniqueGroup sid
|
||||
case meg of
|
||||
Nothing -> do
|
||||
$logWarn $
|
||||
"Found non-person non-group \
|
||||
\sharer: " <> shr2text shr
|
||||
return $ Unauthorized "Zombine sharer"
|
||||
Just (Entity gid _g) -> do
|
||||
mem <- getBy $ UniqueGroupMember vpid gid
|
||||
return $ case mem of
|
||||
Nothing ->
|
||||
Unauthorized "Not a group member"
|
||||
Just (Entity _mid m) ->
|
||||
if groupMemberRole m == GRAdmin
|
||||
then Authorized
|
||||
else
|
||||
Unauthorized
|
||||
"Not a group admin"
|
||||
$logWarn $
|
||||
"Found non-person non-group sharer: " <>
|
||||
shr2text shr
|
||||
return $ error "Zombie sharer"
|
||||
Just (Entity gid _g) -> do
|
||||
mem <- getBy $ UniqueGroupMember vpid gid
|
||||
return $ case mem of
|
||||
Nothing -> Unauthorized "Not a group member"
|
||||
Just (Entity _mid m) ->
|
||||
if groupMemberRole m == GRAdmin
|
||||
then Authorized
|
||||
else Unauthorized "Not a group admin"
|
||||
|
||||
projOp
|
||||
:: ProjectOperation -> ShrIdent -> PrjIdent -> Handler AuthResult
|
||||
|
|
|
|||
Loading…
Reference in a new issue