Clean up the authorization code a bit

This commit is contained in:
Eelco Dolstra 2013-10-14 18:01:04 +02:00
parent 86e9abeb15
commit 09b5679ee7
3 changed files with 30 additions and 21 deletions

View file

@ -114,10 +114,8 @@ sub edit : Chained('projectChain') PathPart Args(0) {
sub requireMayCreateProjects {
my ($c) = @_;
requireLogin($c) if !$c->user_exists;
error($c, "Only administrators or authorised users can perform this operation.")
requireUser($c);
accessDenied($c, "Only administrators or authorised users can perform this operation.")
unless $c->check_user_roles('admin') || $c->check_user_roles('create-projects');
}

View file

@ -150,7 +150,7 @@ sub currentUser :Path('/current-user') :ActionClass('REST') { }
sub currentUser_GET {
my ($self, $c) = @_;
requireLogin($c) if !$c->user_exists;
requireUser($c);
$self->status_ok(
$c,
@ -166,9 +166,9 @@ sub currentUser_GET {
sub user :Chained('/') PathPart('user') CaptureArgs(1) {
my ($self, $c, $userName) = @_;
requireLogin($c) if !$c->user_exists;
requireUser($c);
error($c, "You do not have permission to edit other users.")
accessDenied($c, "You do not have permission to edit other users.")
if $userName ne $c->user->username && !isAdmin($c);
$c->stash->{user} = $c->model('DB::Users')->find($userName)

View file

@ -15,8 +15,8 @@ use feature qw/switch/;
our @ISA = qw(Exporter);
our @EXPORT = qw(
getBuild getPreviousBuild getNextBuild getPreviousSuccessfulBuild
error notFound
requireLogin requireProjectOwner requireAdmin requirePost isAdmin isProjectOwner
error notFound accessDenied
forceLogin requireUser requireProjectOwner requireAdmin requirePost isAdmin isProjectOwner
trim
getLatestFinishedEval
sendEmail
@ -102,6 +102,13 @@ sub notFound {
}
sub accessDenied {
my ($c, $msg) = @_;
$c->response->status(403);
error($c, $msg);
}
sub backToReferer {
my ($c) = @_;
$c->response->redirect($c->session->{referer} || $c->uri_for('/'));
@ -110,7 +117,7 @@ sub backToReferer {
}
sub requireLogin {
sub forceLogin {
my ($c) = @_;
$c->session->{referer} = $c->request->uri;
$c->response->redirect($c->uri_for('/login'));
@ -118,36 +125,40 @@ sub requireLogin {
}
sub requireUser {
my ($c) = @_;
forceLogin($c) if !$c->user_exists;
}
sub isProjectOwner {
my ($c, $project) = @_;
return $c->user_exists && ($c->check_user_roles('admin') || $c->user->username eq $project->owner->username || defined $c->model('DB::ProjectMembers')->find({ project => $project, userName => $c->user->username }));
return
$c->user_exists &&
(isAdmin($c) ||
$c->user->username eq $project->owner->username ||
defined $c->model('DB::ProjectMembers')->find({ project => $project, userName => $c->user->username }));
}
sub requireProjectOwner {
my ($c, $project) = @_;
requireLogin($c) if !$c->user_exists;
error($c, "Only the project members or administrators can perform this operation.")
requireUser($c);
accessDenied($c, "Only the project members or administrators can perform this operation.")
unless isProjectOwner($c, $project);
}
sub isAdmin {
my ($c) = @_;
return $c->user_exists && $c->check_user_roles('admin');
}
sub requireAdmin {
my ($c) = @_;
requireLogin($c) if !$c->user_exists;
error($c, "Only administrators can perform this operation.")
requireUser($c);
accessDenied($c, "Only administrators can perform this operation.")
unless isAdmin($c);
}