forked from lix-project/hydra
Clean up the authorization code a bit
This commit is contained in:
parent
86e9abeb15
commit
09b5679ee7
3 changed files with 30 additions and 21 deletions
|
@ -114,10 +114,8 @@ sub edit : Chained('projectChain') PathPart Args(0) {
|
|||
|
||||
sub requireMayCreateProjects {
|
||||
my ($c) = @_;
|
||||
|
||||
requireLogin($c) if !$c->user_exists;
|
||||
|
||||
error($c, "Only administrators or authorised users can perform this operation.")
|
||||
requireUser($c);
|
||||
accessDenied($c, "Only administrators or authorised users can perform this operation.")
|
||||
unless $c->check_user_roles('admin') || $c->check_user_roles('create-projects');
|
||||
}
|
||||
|
||||
|
|
|
@ -150,7 +150,7 @@ sub currentUser :Path('/current-user') :ActionClass('REST') { }
|
|||
sub currentUser_GET {
|
||||
my ($self, $c) = @_;
|
||||
|
||||
requireLogin($c) if !$c->user_exists;
|
||||
requireUser($c);
|
||||
|
||||
$self->status_ok(
|
||||
$c,
|
||||
|
@ -166,9 +166,9 @@ sub currentUser_GET {
|
|||
sub user :Chained('/') PathPart('user') CaptureArgs(1) {
|
||||
my ($self, $c, $userName) = @_;
|
||||
|
||||
requireLogin($c) if !$c->user_exists;
|
||||
requireUser($c);
|
||||
|
||||
error($c, "You do not have permission to edit other users.")
|
||||
accessDenied($c, "You do not have permission to edit other users.")
|
||||
if $userName ne $c->user->username && !isAdmin($c);
|
||||
|
||||
$c->stash->{user} = $c->model('DB::Users')->find($userName)
|
||||
|
|
|
@ -15,8 +15,8 @@ use feature qw/switch/;
|
|||
our @ISA = qw(Exporter);
|
||||
our @EXPORT = qw(
|
||||
getBuild getPreviousBuild getNextBuild getPreviousSuccessfulBuild
|
||||
error notFound
|
||||
requireLogin requireProjectOwner requireAdmin requirePost isAdmin isProjectOwner
|
||||
error notFound accessDenied
|
||||
forceLogin requireUser requireProjectOwner requireAdmin requirePost isAdmin isProjectOwner
|
||||
trim
|
||||
getLatestFinishedEval
|
||||
sendEmail
|
||||
|
@ -102,6 +102,13 @@ sub notFound {
|
|||
}
|
||||
|
||||
|
||||
sub accessDenied {
|
||||
my ($c, $msg) = @_;
|
||||
$c->response->status(403);
|
||||
error($c, $msg);
|
||||
}
|
||||
|
||||
|
||||
sub backToReferer {
|
||||
my ($c) = @_;
|
||||
$c->response->redirect($c->session->{referer} || $c->uri_for('/'));
|
||||
|
@ -110,7 +117,7 @@ sub backToReferer {
|
|||
}
|
||||
|
||||
|
||||
sub requireLogin {
|
||||
sub forceLogin {
|
||||
my ($c) = @_;
|
||||
$c->session->{referer} = $c->request->uri;
|
||||
$c->response->redirect($c->uri_for('/login'));
|
||||
|
@ -118,36 +125,40 @@ sub requireLogin {
|
|||
}
|
||||
|
||||
|
||||
sub requireUser {
|
||||
my ($c) = @_;
|
||||
forceLogin($c) if !$c->user_exists;
|
||||
}
|
||||
|
||||
|
||||
sub isProjectOwner {
|
||||
my ($c, $project) = @_;
|
||||
|
||||
return $c->user_exists && ($c->check_user_roles('admin') || $c->user->username eq $project->owner->username || defined $c->model('DB::ProjectMembers')->find({ project => $project, userName => $c->user->username }));
|
||||
return
|
||||
$c->user_exists &&
|
||||
(isAdmin($c) ||
|
||||
$c->user->username eq $project->owner->username ||
|
||||
defined $c->model('DB::ProjectMembers')->find({ project => $project, userName => $c->user->username }));
|
||||
}
|
||||
|
||||
|
||||
sub requireProjectOwner {
|
||||
my ($c, $project) = @_;
|
||||
|
||||
requireLogin($c) if !$c->user_exists;
|
||||
|
||||
error($c, "Only the project members or administrators can perform this operation.")
|
||||
requireUser($c);
|
||||
accessDenied($c, "Only the project members or administrators can perform this operation.")
|
||||
unless isProjectOwner($c, $project);
|
||||
}
|
||||
|
||||
|
||||
sub isAdmin {
|
||||
my ($c) = @_;
|
||||
|
||||
return $c->user_exists && $c->check_user_roles('admin');
|
||||
}
|
||||
|
||||
|
||||
sub requireAdmin {
|
||||
my ($c) = @_;
|
||||
|
||||
requireLogin($c) if !$c->user_exists;
|
||||
|
||||
error($c, "Only administrators can perform this operation.")
|
||||
requireUser($c);
|
||||
accessDenied($c, "Only administrators can perform this operation.")
|
||||
unless isAdmin($c);
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue