bots
/
jitsibot
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

added new permissions model

master
David Haukeness 5 years ago
parent
8752e74bf6
commit
889d7b9e01
No known key found for this signature in database
GPG Key ID: 54F2372DDB7F9462
2 changed files with 106 additions and 13 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 29
      handlers.go
  2. 90
      permissions.go

29
handlers.go
Unescape View File

@ -44,20 +44,11 @@ func (b *bot) chatHandler(m chat1.MsgSummary) {
} }
// then check if this is the root command // then check if this is the root command
if isRootCommand(m.Content.Text.Body, b.cmd(), b.k.Username) { if isRootCommand(m.Content.Text.Body, b.cmd(), b.k.Username) {
b.handleMeeting(m) b.checkPermissionAndExecute("reader", m, b.handleMeeting)
return
}
// then check sub-command variants
// meet
if hasCommandPrefix(m.Content.Text.Body, b.cmd(), b.k.Username, "meet") {
b.handleMeeting(m)
return
}
// feedback
if hasCommandPrefix(m.Content.Text.Body, b.cmd(), b.k.Username, "feedback") {
b.handleFeedback(m)
return return
} }
// then check help and welcome (non-permissions)
// help // help
if hasCommandPrefix(m.Content.Text.Body, b.cmd(), b.k.Username, "help") { if hasCommandPrefix(m.Content.Text.Body, b.cmd(), b.k.Username, "help") {
b.handleWelcome(m.ConvID) b.handleWelcome(m.ConvID)
@ -68,9 +59,21 @@ func (b *bot) chatHandler(m chat1.MsgSummary) {
b.handleWelcome(m.ConvID) b.handleWelcome(m.ConvID)
return return
} }
// then check sub-command variants (permissions)
// meet
if hasCommandPrefix(m.Content.Text.Body, b.cmd(), b.k.Username, "meet") {
b.checkPermissionAndExecute("reader", m, b.handleMeeting)
return
}
// feedback
if hasCommandPrefix(m.Content.Text.Body, b.cmd(), b.k.Username, "feedback") {
b.checkPermissionAndExecute("reader", m, b.handleFeedback)
return
}
// config commands // config commands
if hasCommandPrefix(m.Content.Text.Body, b.cmd(), b.k.Username, "config") { if hasCommandPrefix(m.Content.Text.Body, b.cmd(), b.k.Username, "config") {
b.handleConfigCommand(m) b.checkPermissionAndExecute("admin", m, b.handleConfigCommand)
return return
} }
} }

90
permissions.go
Unescape View File

@ -0,0 +1,90 @@
package main
import (
"strings"
"samhofi.us/x/keybase/types/chat1"
)
// checkPermissionAndExecute will check the minimum required role for the permission and execute the handler function if allowed
func (b *bot) checkPermissionAndExecute(requiredRole string, m chat1.MsgSummary, f func(chat1.MsgSummary)) {
// get the members of the conversation
b.debug("Executing permissions check")
// currently this doesn't work due to a keybase bug
// the workaround is to check the general channel the old way
//conversation, err := b.k.ListMembersOfConversation(m.ConvID)
// **** <workaround>
channel := chat1.ChatChannel{
Name: m.Channel.Name,
MembersType: m.Channel.MembersType,
TopicName: "general",
}
conversation, err := b.k.ListMembersOfChannel(channel)
/// **** </workaround>
if err != nil {
eid := b.logError(err)
b.k.ReactByConvID(m.ConvID, m.Id, "Error ID %s", eid)
return
}
// create a map of valid roles, according to @dxb struc
memberTypes := make(map[string]struct{})
memberTypes["owner"] = struct{}{}
memberTypes["admin"] = struct{}{}
memberTypes["writer"] = struct{}{}
memberTypes["reader"] = struct{}{}
// if the role is not in the map, its an invalid role
if _, ok := memberTypes[strings.ToLower(requiredRole)]; !ok {
// the role passed was not valid, so bail
b.log("ERROR: %s is not a valid permissions level", requiredRole)
return
}
// then descend permissions from top down
for _, member := range conversation.Members.Owners {
if strings.ToLower(member.Username) == strings.ToLower(m.Sender.Username) {
f(m)
return
}
b.debug("no")
}
// if the required role was owner, return and don't evaluate the rest
if strings.ToLower(requiredRole) == "owner" {
b.debug("user does not have required permission of: owner")
return
}
// admins
for _, member := range conversation.Members.Admins {
if strings.ToLower(member.Username) == strings.ToLower(m.Sender.Username) {
f(m)
return
}
}
if strings.ToLower(requiredRole) == "admin" {
b.debug("user does not have required permission of: admin")
return
}
// writers
for _, member := range conversation.Members.Writers {
if strings.ToLower(member.Username) == strings.ToLower(m.Sender.Username) {
f(m)
return
}
}
if strings.ToLower(requiredRole) == "writer" {
b.debug("user does not have required permission of: writer")
return
}
// readers
for _, member := range conversation.Members.Readers {
if strings.ToLower(member.Username) == strings.ToLower(m.Sender.Username) {
f(m)
return
}
}
// just return - restricted bots shouldn't be able to run commands
b.debug("user does not have required permission of: reader")
return
}
Write Preview
Loading…
Cancel
Save