add user roles in entity

linkernetworks · Aug 28, 2018 · e13ffe8 · e13ffe8
1 parent b0fa071
commit e13ffe8
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 11 deletions.
diff --git a/src/entity/user.go b/src/entity/user.go
@@ -9,6 +9,11 @@ import (
 // UserCollectionName's const
 const (
 	UserCollectionName string = "users"
+	// access control role
+	RootRole string = "root"
+	UserRole string = "user"
+	// view only
+	GuestRole string = "guest"
 )
 
 // RegistryBasicAuthCredential is the structure for a user login credential

diff --git a/src/server/route_filter.go b/src/server/route_filter.go
@@ -8,6 +8,8 @@ import (
 	"github.com/dgrijalva/jwt-go/request"
 	"github.com/emicklei/go-restful"
 	"github.com/linkernetworks/logger"
+	"github.com/linkernetworks/vortex/src/entity"
+	response "github.com/linkernetworks/vortex/src/net/http"
 	"github.com/linkernetworks/vortex/src/server/backend"
 )
 
@@ -30,35 +32,65 @@ func validateTokenMiddleware(req *restful.Request, resp *restful.Response, chain
 			req.SetAttribute("Role", claims["role"])
 			chain.ProcessFilter(req, resp)
 		} else {
-			resp.WriteHeader(http.StatusUnauthorized)
-			logger.Infof("Token is not valid")
+			resp.WriteHeaderAndEntity(http.StatusUnauthorized,
+				response.ActionResponse{
+					Error:   true,
+					Message: "Token is invalid",
+				})
 			return
 		}
 	} else {
-		resp.WriteHeader(http.StatusUnauthorized)
 		logger.Infof("Unauthorized access to this resource")
+		resp.WriteHeaderAndEntity(http.StatusUnauthorized,
+			response.ActionResponse{
+				Error:   true,
+				Message: "Unauthorized access to this resource",
+			})
 		return
 	}
 }
 
-func requiredRootRoleMiddleware(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) {
+func rootRole(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) {
 	role := req.Attribute("Role").(string)
-	if role == "root" {
+	if role == entity.RootRole {
 		chain.ProcessFilter(req, resp)
 	} else {
-		resp.WriteHeader(http.StatusForbidden)
-		log.Printf("User role forbidden")
+		log.Printf("User has no root role: Forbidden")
+		resp.WriteHeaderAndEntity(http.StatusForbidden,
+			response.ActionResponse{
+				Error:   true,
+				Message: "Permission denied",
+			})
 		return
 	}
 }
 
-func requiredUserRoleMiddleware(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) {
+func userRole(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) {
 	role := req.Attribute("Role").(string)
-	if role == "user" || role == "root" {
+	if role == entity.RootRole || role == entity.UserRole {
 		chain.ProcessFilter(req, resp)
 	} else {
-		resp.WriteHeader(http.StatusForbidden)
-		log.Printf("User role forbidden")
+		log.Printf("User has no user role: Forbidden")
+		resp.WriteHeaderAndEntity(http.StatusForbidden,
+			response.ActionResponse{
+				Error:   true,
+				Message: "Permission denied",
+			})
+		return
+	}
+}
+
+func guestRole(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) {
+	role := req.Attribute("Role").(string)
+	if role == entity.RootRole || role == entity.UserRole || role == entity.GuestRole {
+		chain.ProcessFilter(req, resp)
+	} else {
+		log.Printf("User has no guest role: Forbidden")
+		resp.WriteHeaderAndEntity(http.StatusForbidden,
+			response.ActionResponse{
+				Error:   true,
+				Message: "Permission denied",
+			})
 		return
 	}
 }