From 3663c2f23a4e4d5edfb0e20b5bc2995dc987709e Mon Sep 17 00:00:00 2001
From: Quaternions
Date: Wed, 9 Jul 2025 01:10:59 -0700
Subject: [PATCH] scripts: deduplicate permissions check
---
 pkg/service/script_policy.go | 30 +++--------------------
 pkg/service/scripts.go | 47 +++++++++++++++---------------------
 2 files changed, 23 insertions(+), 54 deletions(-)
diff --git a/pkg/service/script_policy.go b/pkg/service/script_policy.go
index 771ab5c..b58c6b7 100644
--- a/pkg/service/script_policy.go
+++ b/pkg/service/script_policy.go
@@ -14,18 +14,10 @@ import (
 //
 // POST /script-policy
 func (svc *Service) CreateScriptPolicy(ctx context.Context, req *api.ScriptPolicyCreate) (*api.ScriptPolicyID, error) {
- userInfo, ok := ctx.Value("UserInfo").(UserInfoHandle)
- if !ok {
- return nil, ErrUserInfo
- }
-
- has_role, err := userInfo.HasRoleScriptWrite()
+ err := CheckHasRoleScriptWrite(ctx)
 if err != nil {
 return nil, err
 }
- if !has_role {
- return nil, ErrPermissionDenied
- }

 from_script, err := svc.DB.Scripts().Get(ctx, req.FromScriptID)
 if err != nil {
@@ -99,18 +91,10 @@ func (svc *Service) ListScriptPolicy(ctx context.Context, params api.ListScriptP
 //
 // DELETE /script-policy/{ScriptPolicyID}
 func (svc *Service) DeleteScriptPolicy(ctx context.Context, params api.DeleteScriptPolicyParams) error {
- userInfo, ok := ctx.Value("UserInfo").(UserInfoHandle)
- if !ok {
- return ErrUserInfo
- }
-
- has_role, err := userInfo.HasRoleScriptWrite()
+ err := CheckHasRoleScriptWrite(ctx)
 if err != nil {
 return err
 }
- if !has_role {
- return ErrPermissionDenied
- }

 return svc.DB.ScriptPolicy().Delete(ctx, params.ScriptPolicyID)
 }
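Review bot: The denial error returned by the three script-policy handlers changes silently: they used to return `ErrPermissionDenied` when the role was missing, and now return whatever `CheckHasRoleScriptWrite` returns, which per the scripts.go hunk is `ErrPermissionDeniedNeedRoleScriptWrite`. This applies to CreateScriptPolicy here and equally to the DeleteScriptPolicy and UpdateScriptPolicy hunks, and the commit subject ("deduplicate") does not mention it. Neither error's definition is visible in the patch, so please confirm the new value still maps to the same HTTP status and that any caller using `errors.Is(err, ErrPermissionDenied)` still matches, and record the change in the commit message. CreateScriptPolicy's body continues past the end of its hunk.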
@@ -140,18 +124,10 @@ func (svc *Service) GetScriptPolicy(ctx context.Context, params api.GetScriptPol
 //
 // POST /script-policy/{ScriptPolicyID}
 func (svc *Service) UpdateScriptPolicy(ctx context.Context, req *api.ScriptPolicyUpdate, params api.UpdateScriptPolicyParams) error {
- userInfo, ok := ctx.Value("UserInfo").(UserInfoHandle)
- if !ok {
- return ErrUserInfo
- }
-
- has_role, err := userInfo.HasRoleScriptWrite()
+ err := CheckHasRoleScriptWrite(ctx)
 if err != nil {
 return err
 }
- if !has_role {
- return ErrPermissionDenied
- }

 pmap := datastore.Optional()
 if from_script_id, ok := req.FromScriptID.Get(); ok {
diff --git a/pkg/service/scripts.go b/pkg/service/scripts.go
index fe3c8dc..7f8e80a 100644
--- a/pkg/service/scripts.go
+++ b/pkg/service/scripts.go
@@ -8,24 +8,33 @@ import (
 "git.itzana.me/strafesnet/maps-service/pkg/service_inner"
 )

+func CheckHasRoleScriptWrite(ctx context.Context) error {
+ userInfo, ok := ctx.Value("UserInfo").(UserInfoHandle)
+ if !ok {
+ return ErrUserInfo
+ }
+
+ has_role, err := userInfo.HasRoleScriptWrite()
+ if err != nil {
+ return err
+ }
+ if !has_role {
+ return ErrPermissionDeniedNeedRoleScriptWrite
+ }
+
+ return nil
+}
+
 // CreateScript implements createScript operation.
 //
 // Create a new script.
 //
 // POST /scripts
 func (svc *Service) CreateScript(ctx context.Context, req *api.ScriptCreate) (*api.ScriptID, error) {
- userInfo, ok := ctx.Value("UserInfo").(UserInfoHandle)
- if !ok {
- return nil, ErrUserInfo
- }
-
- has_role, err := userInfo.HasRoleScriptWrite()
+ err := CheckHasRoleScriptWrite(ctx)
 if err != nil {
 return nil, err
 }
- if !has_role {
- return nil, ErrPermissionDeniedNeedRoleScriptWrite
- }

 script, err := svc.Inner.CreateScript(ctx, model.Script{
 ID: 0,
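Review bot: `CheckHasRoleScriptWrite` is now the single authorization gate for every script and script-policy write in this patch, yet it is exported without a doc comment, so its contract has to be read from the body. I would add `// CheckHasRoleScriptWrite returns nil only if ctx carries a UserInfoHandle that holds the script-write role; otherwise ErrUserInfo, the lookup error, or ErrPermissionDeniedNeedRoleScriptWrite.` above it, and unexport it unless another package needs it (only same-package callers are visible here). Separately, the helper keeps the bare string key in `ctx.Value("UserInfo")`; any package using the same string can set or shadow that value, so an unexported key type declared where the value is stored would be safer. The code that stores it is outside this patch.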
@@ -100,18 +109,10 @@ func (svc *Service) ListScripts(ctx context.Context, params api.ListScriptsParam
 //
 // DELETE /scripts/{ScriptID}
 func (svc *Service) DeleteScript(ctx context.Context, params api.DeleteScriptParams) error {
- userInfo, ok := ctx.Value("UserInfo").(UserInfoHandle)
- if !ok {
- return ErrUserInfo
- }
-
- has_role, err := userInfo.HasRoleScriptWrite()
+ err := CheckHasRoleScriptWrite(ctx)
 if err != nil {
 return err
 }
- if !has_role {
- return ErrPermissionDeniedNeedRoleScriptWrite
- }

 return svc.Inner.DeleteScript(ctx, params.ScriptID)
 }
@@ -143,18 +144,10 @@ func (svc *Service) GetScript(ctx context.Context, params api.GetScriptParams) (
 //
 // PATCH /scripts/{ScriptID}
 func (svc *Service) UpdateScript(ctx context.Context, req *api.ScriptUpdate, params api.UpdateScriptParams) error {
- userInfo, ok := ctx.Value("UserInfo").(UserInfoHandle)
- if !ok {
- return ErrUserInfo
- }
-
- has_role, err := userInfo.HasRoleScriptWrite()
+ err := CheckHasRoleScriptWrite(ctx)
 if err != nil {
 return err
 }
- if !has_role {
- return ErrPermissionDeniedNeedRoleScriptWrite
- }

 name, name_ok := req.Name.Get()
 source, source_ok := req.Source.Get()
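Review bot: The two-statement form `err := CheckHasRoleScriptWrite(ctx)` followed by `if err != nil` is repeated at all six call sites (DeleteScript and UpdateScript here, CreateScript, and the three script-policy handlers). Because the check is a guard that has to stay the first statement of each write handler, the if-initializer form `if err := CheckHasRoleScriptWrite(ctx); err != nil { return err }` reads as one unit and keeps `err` out of the rest of the function. UpdateScript continues outside the hunk, so confirm nothing below relies on `err` already being declared before switching.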