Auth CLI, continued
This commit is contained in:
Philipp Heckel
parent
03a4e3e8e9
commit
393f95aeac
6 changed files with 183 additions and 43 deletions
38
cmd/user.go
38
cmd/user.go
|
|
@ -69,7 +69,7 @@ var cmdUser = &cli.Command{
|
|||
Name: "list",
|
||||
Aliases: []string{"chr"},
|
||||
Usage: "change user role",
|
||||
Action: execUserChangeRole,
|
||||
Action: execUserList,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
|
@ -150,6 +150,42 @@ func execUserChangeRole(c *cli.Context) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func execUserList(c *cli.Context) error {
|
||||
manager, err := createAuthManager(c)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
users, err := manager.Users()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return showUsers(c, users)
|
||||
}
|
||||
|
||||
func showUsers(c *cli.Context, users []*auth.User) error {
|
||||
for _, user := range users {
|
||||
fmt.Fprintf(c.App.Writer, "User %s (%s)\n", user.Name, user.Role)
|
||||
if user.Role == auth.RoleAdmin {
|
||||
fmt.Fprintf(c.App.ErrWriter, "- read-write access to all topics (admin role)\n")
|
||||
} else if len(user.Grants) > 0 {
|
||||
for _, grant := range user.Grants {
|
||||
if grant.Read && grant.Write {
|
||||
fmt.Fprintf(c.App.ErrWriter, "- read-write access to topic %s\n", grant.Topic)
|
||||
} else if grant.Read {
|
||||
fmt.Fprintf(c.App.ErrWriter, "- read-only access to topic %s\n", grant.Topic)
|
||||
} else if grant.Write {
|
||||
fmt.Fprintf(c.App.ErrWriter, "- write-only access to topic %s\n", grant.Topic)
|
||||
} else {
|
||||
fmt.Fprintf(c.App.ErrWriter, "- no access to topic %s\n", grant.Topic)
|
||||
}
|
||||
}
|
||||
} else {
|
||||
fmt.Fprintf(c.App.ErrWriter, "- no topic-specific permissions\n")
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func createAuthManager(c *cli.Context) (auth.Manager, error) {
|
||||
authFile := c.String("auth-file")
|
||||
authDefaultAccess := c.String("auth-default-access")
|
||||
|
|
|
|||
|
|
@ -8,6 +8,10 @@ import (
|
|||
"heckel.io/ntfy/util"
|
||||
)
|
||||
|
||||
const (
|
||||
userEveryone = "everyone"
|
||||
)
|
||||
|
||||
var flagsAllow = append(
|
||||
userCommandFlags(),
|
||||
&cli.BoolFlag{Name: "reset", Aliases: []string{"r"}, Usage: "reset access for user (and topic)"},
|
||||
|
|
@ -16,7 +20,7 @@ var flagsAllow = append(
|
|||
var cmdAllow = &cli.Command{
|
||||
Name: "allow",
|
||||
Usage: "Grant a user access to a topic",
|
||||
UsageText: "ntfy allow USERNAME TOPIC [read-write|read-only|write-only]",
|
||||
UsageText: "ntfy allow USERNAME TOPIC [read-write|read-only|write-only|none]",
|
||||
Flags: flagsAllow,
|
||||
Before: initConfigFileInputSource("config", flagsAllow),
|
||||
Action: execUserAllow,
|
||||
|
|
@ -32,14 +36,14 @@ func execUserAllow(c *cli.Context) error {
|
|||
return errors.New("username expected, type 'ntfy allow --help' for help")
|
||||
} else if !reset && topic == "" {
|
||||
return errors.New("topic expected, type 'ntfy allow --help' for help")
|
||||
} else if !util.InStringList([]string{"", "read-write", "read-only", "read", "ro", "write-only", "write", "wo", "none"}, perms) {
|
||||
} else if !util.InStringList([]string{"", "read-write", "rw", "read-only", "read", "ro", "write-only", "write", "wo", "none"}, perms) {
|
||||
return errors.New("permission must be one of: read-write, read-only, write-only, or none (or the aliases: read, ro, write, wo)")
|
||||
}
|
||||
if username == "everyone" {
|
||||
if username == userEveryone {
|
||||
username = ""
|
||||
}
|
||||
read := util.InStringList([]string{"", "read-write", "read-only", "read", "ro"}, perms)
|
||||
write := util.InStringList([]string{"", "read-write", "write-only", "write", "wo"}, perms)
|
||||
read := util.InStringList([]string{"", "read-write", "rw", "read-only", "read", "ro"}, perms)
|
||||
write := util.InStringList([]string{"", "read-write", "rw", "write-only", "write", "wo"}, perms)
|
||||
manager, err := createAuthManager(c)
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
@ -56,26 +60,31 @@ func doAccessAllow(c *cli.Context, manager auth.Manager, username string, topic
|
|||
}
|
||||
if username == "" {
|
||||
if read && write {
|
||||
fmt.Fprintf(c.App.ErrWriter, "Anonymous users granted full access to topic %s\n", topic)
|
||||
fmt.Fprintf(c.App.Writer, "Anonymous users granted full access to topic %s\n", topic)
|
||||
} else if read {
|
||||
fmt.Fprintf(c.App.ErrWriter, "Anonymous users granted read-only access to topic %s\n", topic)
|
||||
fmt.Fprintf(c.App.Writer, "Anonymous users granted read-only access to topic %s\n", topic)
|
||||
} else if write {
|
||||
fmt.Fprintf(c.App.ErrWriter, "Anonymous users granted write-only access to topic %s\n", topic)
|
||||
fmt.Fprintf(c.App.Writer, "Anonymous users granted write-only access to topic %s\n", topic)
|
||||
} else {
|
||||
fmt.Fprintf(c.App.ErrWriter, "Revoked all access to topic %s for all anonymous users\n", topic)
|
||||
fmt.Fprintf(c.App.Writer, "Revoked all access to topic %s for all anonymous users\n", topic)
|
||||
}
|
||||
} else {
|
||||
if read && write {
|
||||
fmt.Fprintf(c.App.ErrWriter, "User %s now has read-write access to topic %s\n", username, topic)
|
||||
fmt.Fprintf(c.App.Writer, "User %s now has read-write access to topic %s\n", username, topic)
|
||||
} else if read {
|
||||
fmt.Fprintf(c.App.ErrWriter, "User %s now has read-only access to topic %s\n", username, topic)
|
||||
fmt.Fprintf(c.App.Writer, "User %s now has read-only access to topic %s\n", username, topic)
|
||||
} else if write {
|
||||
fmt.Fprintf(c.App.ErrWriter, "User %s now has write-only access to topic %s\n", username, topic)
|
||||
fmt.Fprintf(c.App.Writer, "User %s now has write-only access to topic %s\n", username, topic)
|
||||
} else {
|
||||
fmt.Fprintf(c.App.ErrWriter, "Revoked all access to topic %s for user %s\n", topic, username)
|
||||
fmt.Fprintf(c.App.Writer, "Revoked all access to topic %s for user %s\n", topic, username)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
user, err := manager.User(username)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
fmt.Fprintln(c.App.Writer)
|
||||
return showUsers(c, []*auth.User{user})
|
||||
}
|
||||
|
||||
func doAccessReset(c *cli.Context, manager auth.Manager, username, topic string) error {
|
||||
|
|
@ -84,15 +93,15 @@ func doAccessReset(c *cli.Context, manager auth.Manager, username, topic string)
|
|||
}
|
||||
if username == "" {
|
||||
if topic == "" {
|
||||
fmt.Fprintln(c.App.ErrWriter, "Reset access for all anonymous users and all topics")
|
||||
fmt.Fprintln(c.App.Writer, "Reset access for all anonymous users and all topics")
|
||||
} else {
|
||||
fmt.Fprintf(c.App.ErrWriter, "Reset access to topic %s for all anonymous users\n", topic)
|
||||
fmt.Fprintf(c.App.Writer, "Reset access to topic %s for all anonymous users\n", topic)
|
||||
}
|
||||
} else {
|
||||
if topic == "" {
|
||||
fmt.Fprintf(c.App.ErrWriter, "Reset access for user %s to all topics\n", username)
|
||||
fmt.Fprintf(c.App.Writer, "Reset access for user %s to all topics\n", username)
|
||||
} else {
|
||||
fmt.Fprintf(c.App.ErrWriter, "Reset access for user %s and topic %s\n", username, topic)
|
||||
fmt.Fprintf(c.App.Writer, "Reset access for user %s and topic %s\n", username, topic)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
|
|
|
|||
|
|
@ -20,11 +20,11 @@ func execUserDeny(c *cli.Context) error {
|
|||
username := c.Args().Get(0)
|
||||
topic := c.Args().Get(1)
|
||||
if username == "" {
|
||||
return errors.New("username expected, type 'ntfy allow --help' for help")
|
||||
return errors.New("username expected, type 'ntfy deny --help' for help")
|
||||
} else if topic == "" {
|
||||
return errors.New("topic expected, type 'ntfy allow --help' for help")
|
||||
return errors.New("topic expected, type 'ntfy deny --help' for help")
|
||||
}
|
||||
if username == "everyone" {
|
||||
if username == userEveryone {
|
||||
username = ""
|
||||
}
|
||||
manager, err := createAuthManager(c)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue