-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathpermissions.go
More file actions
85 lines (74 loc) · 1.96 KB
/
Copy pathpermissions.go
File metadata and controls
85 lines (74 loc) · 1.96 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
package main
import (
"strings"
)
func checkAdmin(fingerprint string, devices []Device, users []User) bool {
// Load devices and users
if devices == nil {
devices, _ = deviceStore.LoadDevices(true)
}
if users == nil {
users, _ = userStore.LoadUsers(true)
}
for _, device := range devices {
// Match fingerprint and check not revoked
if strings.EqualFold(device.CertFingerprint, fingerprint) && !device.Revoked {
// Check if user tied to device is admin
for _, user := range users {
if user.Username == device.OwnerUser && checkPermission(fingerprint, Permissions.SystemAdmin, devices, users) {
for _, role := range user.Permissions {
if role == Permissions.SystemAdmin {
return true
}
}
}
}
}
}
return false
}
func checkPermission(fingerprint string, permission string, devices []Device, users []User) bool {
// Load devices and users
if devices == nil {
devices, _ = deviceStore.LoadDevices(true)
}
if users == nil {
users, _ = userStore.LoadUsers(true)
}
for _, device := range devices {
if strings.EqualFold(device.CertFingerprint, fingerprint) && !device.Revoked {
for _, user := range users {
if user.Username == device.OwnerUser {
for _, role := range user.Permissions {
if role == Permissions.SystemAdmin || role == permission {
return true
}
}
}
}
}
}
return false
}
func getPermissions(fingerprint string, devices []Device, users []User) []string {
// Load devices and users
if devices == nil {
devices, _ = deviceStore.LoadDevices(true)
}
if users == nil {
users, _ = userStore.LoadUsers(true)
}
permissions := []string{}
for _, device := range devices {
if strings.EqualFold(device.CertFingerprint, fingerprint) && !device.Revoked {
for _, user := range users {
if user.Username == device.OwnerUser {
for _, role := range user.Permissions {
permissions = append(permissions, role)
}
}
}
}
}
return permissions
}