make insights depend on security and refactor access granting
parent
2acdad4e18
commit
0aec2e9579
|
@ -58,21 +58,19 @@ object Insight extends LilaController {
|
|||
|
||||
private def Accessible(username: String)(f: lila.user.User => Fu[Result])(implicit ctx: Context) =
|
||||
lila.user.UserRepo named username flatMap {
|
||||
case None => notFound
|
||||
case Some(u) => env.share.grant(u, ctx.me) flatMap {
|
||||
case true => f(u)
|
||||
case false if isGranted(_.SeeInsight) => f(u)
|
||||
case false => fuccess(Forbidden(html.insight.forbidden(u)))
|
||||
_.fold(notFound) { u =>
|
||||
env.share.grant(u, ctx.me) flatMap {
|
||||
_.fold(f(u), fuccess(Forbidden(html.insight.forbidden(u))))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private def AccessibleJson(username: String)(f: lila.user.User => Fu[Result])(implicit ctx: Context) =
|
||||
lila.user.UserRepo named username flatMap {
|
||||
case None => notFoundJson(s"No such user: $username")
|
||||
case Some(u) => env.share.grant(u, ctx.me) flatMap {
|
||||
case true => f(u)
|
||||
case false if isGranted(_.SeeInsight) => f(u)
|
||||
case false => fuccess(Forbidden(Json.obj("error" -> s"User $username data is protected")))
|
||||
_.fold(notFoundJson(s"No such user: $username")) { u =>
|
||||
env.share.grant(u, ctx.me) flatMap {
|
||||
_.fold(f(u), fuccess(Forbidden(Json.obj("error" -> s"User $username data is protected"))))
|
||||
}
|
||||
}
|
||||
} map (_ as JSON)
|
||||
}
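Review bot: In the new `Accessible` and `AccessibleJson` bodies the protected action `f(u)` is passed as the first argument of the Boolean `_.fold(f(u), …)`, so it is withheld on a denied grant only if that `fold` takes its arguments by name; the helper's definition is not visible on this page, so this is worth confirming. Writing the decision as `granted => if (granted) f(u) else fuccess(Forbidden(html.insight.forbidden(u)))` (and the JSON equivalent) makes the authorization gate explicit and independent of the helper. Both wrappers would also benefit from a one-line comment such as `// access decision, including the SeeInsight override, is made in Share.grant`, because the permission check is no longer visible in the controller.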
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package lila.insight
|
||||
|
||||
import lila.pref.Pref
|
||||
import lila.security.Granter
|
||||
import lila.user.User
|
||||
|
||||
final class Share(
|
||||
|
@ -9,12 +10,14 @@ final class Share(
|
|||
|
||||
def getPrefId(insighted: User) = getPref(insighted.id) map (_.insightShare)
|
||||
|
||||
def grant(insighted: User, to: Option[User]): Fu[Boolean] = getPref(insighted.id) flatMap { pref =>
|
||||
pref.insightShare match {
|
||||
case _ if to.contains(insighted) => fuccess(true)
|
||||
case Pref.InsightShare.EVERYBODY => fuccess(true)
|
||||
case Pref.InsightShare.FRIENDS => to ?? { t => areFriends(insighted.id, t.id) }
|
||||
case Pref.InsightShare.NOBODY => fuccess(false)
|
||||
def grant(insighted: User, to: Option[User]): Fu[Boolean] =
|
||||
if (to ?? Granter(_.SeeInsight)) fuccess(true)
|
||||
else getPref(insighted.id) flatMap { pref =>
|
||||
pref.insightShare match {
|
||||
case _ if to.contains(insighted) => fuccess(true)
|
||||
case Pref.InsightShare.EVERYBODY => fuccess(true)
|
||||
case Pref.InsightShare.FRIENDS => to ?? { t => areFriends(insighted.id, t.id) }
|
||||
case Pref.InsightShare.NOBODY => fuccess(false)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
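Review bot: The new `grant` returns true for any viewer holding `SeeInsight` before the owner's `insightShare` preference is read, and nothing on the method says so; a reader of `Share` would expect `NOBODY` to mean nobody. A Scaladoc line such as `/** Viewers with SeeInsight are always granted; otherwise the owner's insightShare preference decides. */` would record that. Because the override moved out of the controller, it now applies to every caller of `grant`, which appears intended but should be confirmed for callers outside this diff. The `match` also has no default case; if `insightShare` can hold a value other than the three listed, `case _ => fuccess(false)` would keep the decision fail-closed rather than failing the future with a `MatchError`.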
|
||||
|
|
|
@ -190,7 +190,7 @@ object ApplicationBuild extends Build {
|
|||
)
|
||||
|
||||
lazy val insight = project("insight",
|
||||
Seq(common, chess, game, user, analyse, relation, pref, socket, round)
|
||||
Seq(common, chess, game, user, analyse, relation, pref, socket, round, security)
|
||||
).settings(
|
||||
libraryDependencies ++= provided(play.api, RM, PRM)
|
||||
)
|
||||
|
|