DC/dc-project
1
1
Fork 0
Code Issues 25 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

feature #9: Create Voter for Article

Browse Source
This commit is contained in:
Fabrice Lecomte
2019-08-23 09:41:41 +02:00
parent 21b6a525fd
commit 0108d496e0
5 changed files with 154 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
src/main/kotlin/fr/dcproject/security/voter/ArticleVoter.kt Normal file
View File

@@ -0,0 +1,39 @@
package fr.dcproject.security.voter
import fr.dcproject.entity.Article
import fr.dcproject.entity.User
import io.ktor.application.ApplicationCall
class ArticleVoter: Voter {
enum class Action: ActionI {
CREATE,
UPDATE,
VIEW,
DELETE
}
override fun supports(action: ActionI, call: ApplicationCall, subject: Any?): Boolean {
return action is Action && subject is Article?
}
override fun vote(action: ActionI, call: ApplicationCall, subject: Any?): Vote {
val user = call.user
if (action == Action.CREATE && user != null) {
return Vote.GRANTED
}
if (action == Action.VIEW) {
return Vote.GRANTED
}
if (action == Action.DELETE && user is User && subject is Article && subject.createdBy?.userId == user.id) {
return Vote.GRANTED
}
if (action == Action.UPDATE && user is User && subject is Article && subject.createdBy?.userId == user.id) {
return Vote.GRANTED
}
return Vote.ABSTAIN
}
}

89
src/main/kotlin/fr/dcproject/security/voter/Voter.kt Normal file
View File

@@ -0,0 +1,89 @@
package fr.dcproject.security.voter
import fr.dcproject.entity.User
import io.ktor.application.ApplicationCall
import io.ktor.application.ApplicationCallPipeline
import io.ktor.application.ApplicationFeature
import io.ktor.auth.authentication
import io.ktor.http.HttpStatusCode
import io.ktor.response.respond
import io.ktor.util.AttributeKey
import io.ktor.util.KtorExperimentalAPI
interface ActionI
interface Voter {
fun supports(action: ActionI, call: ApplicationCall, subject: Any? = null): Boolean
fun vote(action: ActionI, call: ApplicationCall, subject: Any? = null): Vote
}
fun List<Voter>.can(action: ActionI, call: ApplicationCall, subject: Any? = null): Boolean {
val votes = this
.filter { it.supports(action, call, subject) }
.ifEmpty { throw NoVoterException(action) }
.map { it.vote(action, call, subject) }
return votes.all { it in listOf(Vote.GRANTED, Vote.ABSTAIN) } and votes.any { it == Vote.GRANTED }
}
enum class Vote {
GRANTED,
ABSTAIN,
DENIED
}
private val votersAttributeKey = AttributeKey<List<Voter>>("voters")
fun ApplicationCall.assertCan(action: ActionI, subject: Any? = null) {
if (!can(action, subject)) {
throw UnauthorizedException(action)
}
}
fun ApplicationCall.can(action: ActionI, subject: Any? = null): Boolean {
val voters = attributes[votersAttributeKey]
return voters.can(action, this, subject)
}
abstract class VoterException(message: String) : Throwable(message)
class NoVoterException(action: ActionI) : VoterException("No voter found for action '$action'")
class UnauthorizedException(action: ActionI) : VoterException("Unauthorized for action '$action'")
class ForbiddenException : Throwable()
val ApplicationCall.user get() = authentication.principal<User>()
class AuthorizationVoter {
/**
* Configuration for [AuthorizationVoter] feature.
*/
class Configuration {
var voters = mutableListOf<Voter>()
fun voter(voter: Voter) = voters.add(voter)
}
/**
* Object for installing feature
*/
companion object Feature : ApplicationFeature<ApplicationCallPipeline, Configuration, AuthorizationVoter> {
override val key = AttributeKey<AuthorizationVoter>("Voter")
@KtorExperimentalAPI
override fun install(pipeline: ApplicationCallPipeline, configure: Configuration.() -> Unit): AuthorizationVoter {
val configuration = Configuration().apply(configure)
pipeline.intercept(ApplicationCallPipeline.Features) {
context.attributes.put(votersAttributeKey, configuration.voters)
try {
proceed()
} catch (e: VoterException) {
context.respond(HttpStatusCode.Forbidden)
}
}
return AuthorizationVoter()
}
}
}