Clean up the authorization code a bit

Eelco Dolstra 2013-10-14 18:01:04 +02:00
parent 86e9abeb15
commit 09b5679ee7
3 changed files with 30 additions and 21 deletions


@ -114,10 +114,8 @@ sub edit : Chained('projectChain') PathPart Args(0) {
sub requireMayCreateProjects { sub requireMayCreateProjects {
my ($c) = @_; my ($c) = @_;
requireUser($c);
requireLogin($c) if !$c->user_exists; accessDenied($c, "Only administrators or authorised users can perform this operation.")
error($c, "Only administrators or authorised users can perform this operation.")
unless $c->check_user_roles('admin') || $c->check_user_roles('create-projects'); unless $c->check_user_roles('admin') || $c->check_user_roles('create-projects');
} }
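Review bot: The role check on the `unless` line still spells out `$c->check_user_roles('admin')`, while the same commit rewrites isProjectOwner to go through `isAdmin($c)`; for consistency write `unless isAdmin($c) || $c->check_user_roles('create-projects');`. The 403 path also depends on `requireUser($c)` not returning for an anonymous visitor, i.e. on forceLogin detaching after its redirect; the line between that redirect and forceLogin's closing brace is outside this view, so that is assumed rather than seen. If forceLogin only sets the redirect and returns, the role check would run for an unauthenticated request and accessDenied would overwrite the redirect with a 403 error page. A one-line comment on the new `requireUser($c);` call, `# does not return for anonymous users (forceLogin detaches)`, would make the contract explicit at the call site.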


@ -150,7 +150,7 @@ sub currentUser :Path('/current-user') :ActionClass('REST') { }
sub currentUser_GET { sub currentUser_GET {
my ($self, $c) = @_; my ($self, $c) = @_;
requireLogin($c) if !$c->user_exists; requireUser($c);
$self->status_ok( $self->status_ok(
$c, $c,
@ -166,9 +166,9 @@ sub currentUser_GET {
sub user :Chained('/') PathPart('user') CaptureArgs(1) { sub user :Chained('/') PathPart('user') CaptureArgs(1) {
my ($self, $c, $userName) = @_; my ($self, $c, $userName) = @_;
requireLogin($c) if !$c->user_exists; requireUser($c);
error($c, "You do not have permission to edit other users.") accessDenied($c, "You do not have permission to edit other users.")
if $userName ne $c->user->username && !isAdmin($c); if $userName ne $c->user->username && !isAdmin($c);
$c->stash->{user} = $c->model('DB::Users')->find($userName) $c->stash->{user} = $c->model('DB::Users')->find($userName)


@ -15,8 +15,8 @@ use feature qw/switch/;
our @ISA = qw(Exporter); our @ISA = qw(Exporter);
our @EXPORT = qw( our @EXPORT = qw(
getBuild getPreviousBuild getNextBuild getPreviousSuccessfulBuild getBuild getPreviousBuild getNextBuild getPreviousSuccessfulBuild
error notFound error notFound accessDenied
requireLogin requireProjectOwner requireAdmin requirePost isAdmin isProjectOwner forceLogin requireUser requireProjectOwner requireAdmin requirePost isAdmin isProjectOwner
trim trim
getLatestFinishedEval getLatestFinishedEval
sendEmail sendEmail
@ -102,6 +102,13 @@ sub notFound {
} }
sub accessDenied {
my ($c, $msg) = @_;
$c->response->status(403);
error($c, $msg);
}
sub backToReferer { sub backToReferer {
my ($c) = @_; my ($c) = @_;
$c->response->redirect($c->session->{referer} || $c->uri_for('/')); $c->response->redirect($c->session->{referer} || $c->uri_for('/'));
@ -110,7 +117,7 @@ sub backToReferer {
} }
sub requireLogin { sub forceLogin {
my ($c) = @_; my ($c) = @_;
$c->session->{referer} = $c->request->uri; $c->session->{referer} = $c->request->uri;
$c->response->redirect($c->uri_for('/login')); $c->response->redirect($c->uri_for('/login'));
@ -118,36 +125,40 @@ sub requireLogin {
} }
sub requireUser {
my ($c) = @_;
forceLogin($c) if !$c->user_exists;
}
sub isProjectOwner { sub isProjectOwner {
my ($c, $project) = @_; my ($c, $project) = @_;
return
return $c->user_exists && ($c->check_user_roles('admin') || $c->user->username eq $project->owner->username || defined $c->model('DB::ProjectMembers')->find({ project => $project, userName => $c->user->username })); $c->user_exists &&
(isAdmin($c) ||
$c->user->username eq $project->owner->username ||
defined $c->model('DB::ProjectMembers')->find({ project => $project, userName => $c->user->username }));
} }
sub requireProjectOwner { sub requireProjectOwner {
my ($c, $project) = @_; my ($c, $project) = @_;
requireUser($c);
requireLogin($c) if !$c->user_exists; accessDenied($c, "Only the project members or administrators can perform this operation.")
error($c, "Only the project members or administrators can perform this operation.")
unless isProjectOwner($c, $project); unless isProjectOwner($c, $project);
} }
sub isAdmin { sub isAdmin {
my ($c) = @_; my ($c) = @_;
return $c->user_exists && $c->check_user_roles('admin'); return $c->user_exists && $c->check_user_roles('admin');
} }
sub requireAdmin { sub requireAdmin {
my ($c) = @_; my ($c) = @_;
requireUser($c);
requireLogin($c) if !$c->user_exists; accessDenied($c, "Only administrators can perform this operation.")
error($c, "Only administrators can perform this operation.")
unless isAdmin($c); unless isAdmin($c);
} }