bots/jitsibot
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

added new permissions model

Browse Source
This commit is contained in:
David Haukeness
2020-04-01 15:10:22 +00:00
parent 8752e74bf6
commit 889d7b9e01
2 changed files with 106 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
handlers.go
View File

@ -44,20 +44,11 @@ func (b *bot) chatHandler(m chat1.MsgSummary) {
} }
// then check if this is the root command // then check if this is the root command
if isRootCommand(m.Content.Text.Body, b.cmd(), b.k.Username) { if isRootCommand(m.Content.Text.Body, b.cmd(), b.k.Username) {
b.handleMeeting(m) b.checkPermissionAndExecute("reader", m, b.handleMeeting)
return
}
// then check sub-command variants
// meet
if hasCommandPrefix(m.Content.Text.Body, b.cmd(), b.k.Username, "meet") {
b.handleMeeting(m)
return
}
// feedback
if hasCommandPrefix(m.Content.Text.Body, b.cmd(), b.k.Username, "feedback") {
b.handleFeedback(m)
return return
} }
// then check help and welcome (non-permissions)
// help // help
if hasCommandPrefix(m.Content.Text.Body, b.cmd(), b.k.Username, "help") { if hasCommandPrefix(m.Content.Text.Body, b.cmd(), b.k.Username, "help") {
b.handleWelcome(m.ConvID) b.handleWelcome(m.ConvID)
@ -68,9 +59,21 @@ func (b *bot) chatHandler(m chat1.MsgSummary) {
b.handleWelcome(m.ConvID) b.handleWelcome(m.ConvID)
return return
} }
// then check sub-command variants (permissions)
// meet
if hasCommandPrefix(m.Content.Text.Body, b.cmd(), b.k.Username, "meet") {
b.checkPermissionAndExecute("reader", m, b.handleMeeting)
return
}
// feedback
if hasCommandPrefix(m.Content.Text.Body, b.cmd(), b.k.Username, "feedback") {
b.checkPermissionAndExecute("reader", m, b.handleFeedback)
return
}
// config commands // config commands
if hasCommandPrefix(m.Content.Text.Body, b.cmd(), b.k.Username, "config") { if hasCommandPrefix(m.Content.Text.Body, b.cmd(), b.k.Username, "config") {
b.handleConfigCommand(m) b.checkPermissionAndExecute("admin", m, b.handleConfigCommand)
return return
} }
} }

90
permissions.go Normal file
View File

@ -0,0 +1,90 @@
package main
import (
"strings"
"samhofi.us/x/keybase/types/chat1"
)
// checkPermissionAndExecute will check the minimum required role for the permission and execute the handler function if allowed
func (b *bot) checkPermissionAndExecute(requiredRole string, m chat1.MsgSummary, f func(chat1.MsgSummary)) {
// get the members of the conversation
b.debug("Executing permissions check")
// currently this doesn't work due to a keybase bug
// the workaround is to check the general channel the old way
//conversation, err := b.k.ListMembersOfConversation(m.ConvID)
// **** <workaround>
channel := chat1.ChatChannel{
Name: m.Channel.Name,
MembersType: m.Channel.MembersType,
TopicName: "general",
}
conversation, err := b.k.ListMembersOfChannel(channel)
/// **** </workaround>
if err != nil {
eid := b.logError(err)
b.k.ReactByConvID(m.ConvID, m.Id, "Error ID %s", eid)
return
}
// create a map of valid roles, according to @dxb struc
memberTypes := make(map[string]struct{})
memberTypes["owner"] = struct{}{}
memberTypes["admin"] = struct{}{}
memberTypes["writer"] = struct{}{}
memberTypes["reader"] = struct{}{}
// if the role is not in the map, its an invalid role
if _, ok := memberTypes[strings.ToLower(requiredRole)]; !ok {
// the role passed was not valid, so bail
b.log("ERROR: %s is not a valid permissions level", requiredRole)
return
}
// then descend permissions from top down
for _, member := range conversation.Members.Owners {
if strings.ToLower(member.Username) == strings.ToLower(m.Sender.Username) {
f(m)
return
}
b.debug("no")
}
// if the required role was owner, return and don't evaluate the rest
if strings.ToLower(requiredRole) == "owner" {
b.debug("user does not have required permission of: owner")
return
}
// admins
for _, member := range conversation.Members.Admins {
if strings.ToLower(member.Username) == strings.ToLower(m.Sender.Username) {
f(m)
return
}
}
if strings.ToLower(requiredRole) == "admin" {
b.debug("user does not have required permission of: admin")
return
}
// writers
for _, member := range conversation.Members.Writers {
if strings.ToLower(member.Username) == strings.ToLower(m.Sender.Username) {
f(m)
return
}
}
if strings.ToLower(requiredRole) == "writer" {
b.debug("user does not have required permission of: writer")
return
}
// readers
for _, member := range conversation.Members.Readers {
if strings.ToLower(member.Username) == strings.ToLower(m.Sender.Username) {
f(m)
return
}
}
// just return - restricted bots shouldn't be able to run commands
b.debug("user does not have required permission of: reader")
return
}