add(messaging): check service access permissions
18
messaging/rest/middleware.go
Normal file
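--- a/messaging/rest/middleware.go
+++ b/messaging/rest/middleware.go
@@ -0,0 +1,18 @@
+package rest
+
+import (
+"net/http"
+
+"github.com/crusttech/crust/messaging/service"
+)
+
+func middlewareAllowedAccess(next http.Handler) http.Handler {
+return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+if !service.DefaultPermissions.With(r.Context()).CanAccessMessaging() {
+http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+return
+}
+
+next.ServeHTTP(w, r)
+})
+}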
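Review bot: `middlewareAllowedAccess` has no doc comment and depends on an identity already being present in `r.Context()`, which holds only when it is mounted after `auth.MiddlewareValidOnly`. I would add `// middlewareAllowedAccess responds 403 unless the identity in the request context may access messaging; mount it after auth.MiddlewareValidOnly.` above the function. The handler also dereferences the package-level `service.DefaultPermissions` on every request; if that variable can still be unset when routes are served (its initialisation is not visible here), the check would panic instead of denying, so a nil guard that returns 403 would keep it fail-closed. The denial branch writes no log entry, so refused access attempts leave no audit trail.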
@@ -18,6 +18,7 @@ func MountRoutes() func(chi.Router) {
|
||||
// Protect all _private_ routes
|
||||
r.Group(func(r chi.Router) {
|
||||
r.Use(auth.MiddlewareValidOnly)
|
||||
r.Use(middlewareAllowedAccess)
|
||||
|
||||
handlers.NewChannel(Channel{}.New()).MountRoutes(r)
|
||||
handlers.NewMessage(Message{}.New()).MountRoutes(r)
|
||||
|
||||
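Review bot: The added `r.Use(middlewareAllowedAccess)` guards only the handlers mounted inside this `r.Group`, and the rest of `MountRoutes` lies outside the hunk. If other authenticated messaging endpoints are mounted elsewhere in that function, they would skip the `CanAccessMessaging` check; that is worth confirming and, if so, moving them into this group. The order relative to `auth.MiddlewareValidOnly` is right, and a comment such as `// must run after MiddlewareValidOnly: needs the identity in the context` on the new line would help keep it that way.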
@@ -42,7 +42,12 @@ func TestPermissions(t *testing.T) {
|
||||
ctx = auth.SetIdentityToContext(ctx, user)
|
||||
|
||||
// Generate services.
|
||||
channelSvc := Channel().With(ctx)
|
||||
channelSvc := (&channel{
|
||||
usr: systemService.User(),
|
||||
evl: Event(),
|
||||
prm: Permissions(),
|
||||
}).With(ctx)
|
||||
|
||||
permissionsSvc := Permissions().With(ctx)
|
||||
systemPermissionSvc := systemService.Permissions().With(ctx)
|
||||
|
||||
|
||||
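Review bot: The struct literal `&channel{usr: ..., evl: ..., prm: ...}` replaces the `Channel()` constructor and sets only three fields, so any other dependency the constructor wires (its body is not shown) would be nil in this test, and the fixture can drift from production wiring. A small test-only constructor kept next to `Channel()` would keep the two in step. Nothing in the visible part of `TestPermissions` asserts the deny case for the messaging access check this commit introduces; the function continues outside the hunk, so such a case may exist further down.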