Replace read/write flags with Permission

2023-01-02 21:12:42 -05:00 · 2023-01-02 21:12:42 -05:00 · 4b9d40464c
commit 4b9d40464c
parent 1733323132
13 changed files with 194 additions and 152 deletions
--- a/cmd/access.go
+++ b/cmd/access.go
@ -192,11 +192,11 @@ func showUsers(c *cli.Context, manager *user.Manager, users []*user.User) error
 			fmt.Fprintf(c.App.ErrWriter, "- read-write access to all topics (admin role)\n")
 		} else if len(grants) > 0 {
 			for _, grant := range grants {
-				if grant.AllowRead && grant.AllowWrite {
+				if grant.Allow.IsReadWrite() {
 					fmt.Fprintf(c.App.ErrWriter, "- read-write access to topic %s\n", grant.TopicPattern)
-				} else if grant.AllowRead {
+				} else if grant.Allow.IsRead() {
 					fmt.Fprintf(c.App.ErrWriter, "- read-only access to topic %s\n", grant.TopicPattern)
-				} else if grant.AllowWrite {
+				} else if grant.Allow.IsWrite() {
 					fmt.Fprintf(c.App.ErrWriter, "- write-only access to topic %s\n", grant.TopicPattern)
 				} else {
 					fmt.Fprintf(c.App.ErrWriter, "- no access to topic %s\n", grant.TopicPattern)
@ -206,12 +206,12 @@ func showUsers(c *cli.Context, manager *user.Manager, users []*user.User) error
 			fmt.Fprintf(c.App.ErrWriter, "- no topic-specific permissions\n")
 		}
 		if u.Name == user.Everyone {
-			defaultRead, defaultWrite := manager.DefaultAccess()
-			if defaultRead && defaultWrite {
+			access := manager.DefaultAccess()
+			if access.IsReadWrite() {
 				fmt.Fprintln(c.App.ErrWriter, "- read-write access to all (other) topics (server config)")
-			} else if defaultRead {
+			} else if access.IsRead() {
 				fmt.Fprintln(c.App.ErrWriter, "- read-only access to all (other) topics (server config)")
-			} else if defaultWrite {
+			} else if access.IsWrite() {
 				fmt.Fprintln(c.App.ErrWriter, "- write-only access to all (other) topics (server config)")
 			} else {
 				fmt.Fprintln(c.App.ErrWriter, "- no access to any (other) topics (server config)")
--- a/cmd/access_test.go
+++ b/cmd/access_test.go
@ -81,7 +81,7 @@ func runAccessCommand(app *cli.App, conf *server.Config, args ...string) error {
 		"ntfy",
 		"access",
 		"--auth-file=" + conf.AuthFile,
-		"--auth-default-access=" + confToDefaultAccess(conf),
+		"--auth-default-access=" + conf.AuthDefault.String(),
 	}
 	return app.Run(append(userArgs, args...))
 }
--- a/cmd/serve.go
+++ b/cmd/serve.go
@ -5,6 +5,7 @@ package cmd
 import (
 	"errors"
 	"fmt"
+	"heckel.io/ntfy/user"
 	"io/fs"
 	"math"
 	"net"
@ -171,8 +172,6 @@ func execServe(c *cli.Context) error {
 		return errors.New("if set, base-url must start with http:// or https://")
 	} else if baseURL != "" && strings.HasSuffix(baseURL, "/") {
 		return errors.New("if set, base-url must not end with a slash (/)")
-	} else if !util.Contains([]string{"read-write", "read-only", "write-only", "deny-all"}, authDefaultAccess) {
-		return errors.New("if set, auth-default-access must start set to 'read-write', 'read-only', 'write-only' or 'deny-all'")
 	} else if !util.Contains([]string{"app", "home", "disable"}, webRoot) {
 		return errors.New("if set, web-root must be 'home' or 'app'")
 	} else if upstreamBaseURL != "" && !strings.HasPrefix(upstreamBaseURL, "http://") && !strings.HasPrefix(upstreamBaseURL, "https://") {
@ -189,8 +188,10 @@ func execServe(c *cli.Context) error {
 	enableWeb := webRoot != "disable"

 	// Default auth permissions
-	authDefaultRead := authDefaultAccess == "read-write" || authDefaultAccess == "read-only"
-	authDefaultWrite := authDefaultAccess == "read-write" || authDefaultAccess == "write-only"
+	authDefault, err := user.ParsePermission(authDefaultAccess)
+	if err != nil {
+		return errors.New("if set, auth-default-access must start set to 'read-write', 'read-only', 'write-only' or 'deny-all'")
+	}

 	// Special case: Unset default
 	if listenHTTP == "-" {
@ -244,8 +245,7 @@ func execServe(c *cli.Context) error {
 	conf.CacheBatchSize = cacheBatchSize
 	conf.CacheBatchTimeout = cacheBatchTimeout
 	conf.AuthFile = authFile
-	conf.AuthDefaultRead = authDefaultRead
-	conf.AuthDefaultWrite = authDefaultWrite
+	conf.AuthDefault = authDefault
 	conf.AttachmentCacheDir = attachmentCacheDir
 	conf.AttachmentTotalSizeLimit = attachmentTotalSizeLimit
 	conf.AttachmentFileSizeLimit = attachmentFileSizeLimit
--- a/cmd/user.go
+++ b/cmd/user.go
@ -273,12 +273,12 @@ func createUserManager(c *cli.Context) (*user.Manager, error) {
 		return nil, errors.New("option auth-file not set; auth is unconfigured for this server")
 	} else if !util.FileExists(authFile) {
 		return nil, errors.New("auth-file does not exist; please start the server at least once to create it")
-	} else if !util.Contains([]string{"read-write", "read-only", "write-only", "deny-all"}, authDefaultAccess) {
-		return nil, errors.New("if set, auth-default-access must start set to 'read-write', 'read-only' or 'deny-all'")
 	}
-	authDefaultRead := authDefaultAccess == "read-write" || authDefaultAccess == "read-only"
-	authDefaultWrite := authDefaultAccess == "read-write" || authDefaultAccess == "write-only"
-	return user.NewManager(authFile, authDefaultRead, authDefaultWrite)
+	authDefault, err := user.ParsePermission(authDefaultAccess)
+	if err != nil {
+		return nil, errors.New("if set, auth-default-access must start set to 'read-write', 'read-only', 'write-only' or 'deny-all'")
+	}
+	return user.NewManager(authFile, authDefault)
 }

 func readPasswordAndConfirm(c *cli.Context) (string, error) {
--- a/cmd/user_test.go
+++ b/cmd/user_test.go
@ -5,6 +5,7 @@ import (
 	"github.com/urfave/cli/v2"
 	"heckel.io/ntfy/server"
 	"heckel.io/ntfy/test"
+	"heckel.io/ntfy/user"
 	"path/filepath"
 	"testing"
 )
@ -114,8 +115,7 @@ func TestCLI_User_Delete(t *testing.T) {
 func newTestServerWithAuth(t *testing.T) (s *server.Server, conf *server.Config, port int) {
 	conf = server.NewConfig()
 	conf.AuthFile = filepath.Join(t.TempDir(), "user.db")
-	conf.AuthDefaultRead = false
-	conf.AuthDefaultWrite = false
+	conf.AuthDefault = user.PermissionDenyAll
 	s, port = test.StartServerWithConfig(t, conf)
 	return
 }
@ -125,21 +125,7 @@ func runUserCommand(app *cli.App, conf *server.Config, args ...string) error {
 		"ntfy",
 		"user",
 		"--auth-file=" + conf.AuthFile,
-		"--auth-default-access=" + confToDefaultAccess(conf),
+		"--auth-default-access=" + conf.AuthDefault.String(),
 	}
 	return app.Run(append(userArgs, args...))
 }
-
-func confToDefaultAccess(conf *server.Config) string {
-	var defaultAccess string
-	if conf.AuthDefaultRead && conf.AuthDefaultWrite {
-		defaultAccess = "read-write"
-	} else if conf.AuthDefaultRead && !conf.AuthDefaultWrite {
-		defaultAccess = "read-only"
-	} else if !conf.AuthDefaultRead && conf.AuthDefaultWrite {
-		defaultAccess = "write-only"
-	} else if !conf.AuthDefaultRead && !conf.AuthDefaultWrite {
-		defaultAccess = "deny-all"
-	}
-	return defaultAccess
-}