aligned users to new design

servers/servers.go

@@ -1,7 +1,6 @@
 package servers
 
 import (
-	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -19,7 +18,6 @@ import (
 	"git.acooldomain.co/server-manager/backend-kubernetes-go/models"
 	"github.com/gin-gonic/gin"
 	"github.com/gorilla/websocket"
-	v1 "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
 var upgrader = websocket.Upgrader{
@@ -67,6 +65,37 @@ type CreateServerRequest struct {
 	Nickname       string        `json:"Nickname"`
 }
 
+func (con Connection) ServerAuthorized(permissions models.Permission) func(*gin.Context) {
+	return func(ctx *gin.Context) {
+		claimsPointer, exists := ctx.Get("claims")
+		if !exists {
+			ctx.AbortWithStatus(403)
+			return
+		}
+
+		claims := claimsPointer.(*auth.AuthClaims)
+
+		serverId := ctx.Param("server_id")
+		if serverId == "" {
+			ctx.AbortWithStatus(403)
+			return
+		}
+
+		userPermissions, err := con.ServerAuthorization.GetPermissions(ctx, claims.Username, serverId)
+		if err != nil {
+			ctx.AbortWithError(500, err)
+			return
+		}
+
+		if userPermissions&permissions == permissions || userPermissions&models.Admin == models.Admin {
+			return
+		}
+
+		ctx.AbortWithStatus(403)
+		return
+	}
+}
+
 func (con Connection) CreateServer(ctx *gin.Context) {
 	claims, exists := ctx.Get("claims")
 	if !exists {
@@ -109,6 +138,12 @@ func (con Connection) CreateServer(ctx *gin.Context) {
 		return
 	}
 
+	err = con.ServerAuthorization.AddPermissions(ctx, serverClaims.Username, instanceServer.Id, models.Admin)
+	if err != nil {
+		ctx.AbortWithError(500, err)
+		return
+	}
+
 	ctx.JSON(200, instanceServer.Id)
 }
 
@@ -540,17 +575,16 @@ func LoadGroup(group *gin.RouterGroup, config models.GlobalConfig) {
 		ServerAuthorization: serversAuthorizationHandler,
 		InstanceManager:     instanceManager,
 	}
-	authConnection := auth.Connection{}
 
-	group.POST("/:server_id/start", auth.AuthorizedTo(models.Start, authConnection.ServerAuthorized(models.Start)), connection.StartServer)
+	group.POST("/:server_id/start", auth.AuthorizedTo(models.Start), connection.ServerAuthorized(models.Start), connection.StartServer)
 	group.POST("", auth.AuthorizedTo(models.Create), connection.CreateServer)
 	group.GET("", auth.AuthorizedTo(0), connection.GetServers)
-	group.POST("/:server_id/stop", auth.AuthorizedTo(models.Stop, authConnection.ServerAuthorized(models.Stop)), connection.StopServer)
-	group.DELETE("/:server_id", auth.AuthorizedTo(models.Delete, authConnection.ServerAuthorized(models.Delete)), connection.DeleteServer)
-	group.POST("/:server_id/run_command", auth.AuthorizedTo(models.RunCommand, authConnection.ServerAuthorized(models.RunCommand)), connection.RunCommand)
-	group.GET("/:server_id/attach", auth.AuthorizedTo(models.RunCommand, authConnection.ServerAuthorized(models.RunCommand)), connection.AttachServer)
-	group.PATCH("/:server_id", auth.AuthorizedTo(models.Admin, authConnection.ServerAuthorized(models.Admin)), connection.UpdateServer)
-	group.POST("/:server_id/browse", auth.AuthorizedTo(models.Browse, authConnection.ServerAuthorized(models.Admin)), connection.BrowseServer)
-	group.GET("/:server_id/permissions", auth.AuthorizedTo(models.Browse, authConnection.ServerAuthorized(models.Admin)), connection.GetServerUserPermissions)
-	group.POST("/:server_id/permissions", auth.AuthorizedTo(models.Browse, authConnection.ServerAuthorized(models.Admin)), connection.SetServerUserPermissions)
+	group.POST("/:server_id/stop", auth.AuthorizedTo(models.Stop), connection.ServerAuthorized(models.Stop), connection.StopServer)
+	group.DELETE("/:server_id", auth.AuthorizedTo(models.Delete), connection.ServerAuthorized(models.Delete), connection.DeleteServer)
+	group.POST("/:server_id/run_command", auth.AuthorizedTo(models.RunCommand), connection.ServerAuthorized(models.RunCommand), connection.RunCommand)
+	group.GET("/:server_id/attach", auth.AuthorizedTo(models.RunCommand), connection.ServerAuthorized(models.RunCommand), connection.AttachServer)
+	group.PATCH("/:server_id", auth.AuthorizedTo(models.Admin), connection.ServerAuthorized(models.Admin), connection.UpdateServer)
+	group.POST("/:server_id/browse", auth.AuthorizedTo(models.Browse), connection.ServerAuthorized(models.Admin), connection.BrowseServer)
+	group.GET("/:server_id/permissions", auth.AuthorizedTo(models.Browse), connection.ServerAuthorized(models.Admin), connection.GetServerUserPermissions)
+	group.POST("/:server_id/permissions", auth.AuthorizedTo(models.Browse), connection.ServerAuthorized(models.Admin), connection.SetServerUserPermissions)
 }