MrKalzu/kalzu-value-store
1
0
Fork 0
forked from ryyst/kalzu-value-store
Code Pull Requests Activity
Files
32b347f1fd0e07364e295b7b198058ecb56c5272
kalzu-value-store/auth/permissions.go
ryyst c273b836be refactor: extract authentication system to auth package 
- Create auth/jwt.go with JWT token management
- Create auth/permissions.go with permission checking logic
- Create auth/storage.go with storage key utilities
- Create auth/auth.go with main authentication service
- Create auth/middleware.go with auth and rate limit middleware
- Update main.go to import auth package and use auth.* functions
- Add authService to Server struct

Major auth functionality now separated into dedicated package.
Build tested and verified working.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-18 18:49:27 +03:00

65 lines
1.6 KiB
Go
Raw Blame History

package auth
import (
"kvs/types"
)
// CheckPermission checks if a user has permission to perform an operation on a resource
func CheckPermission(permissions int, operation string, isOwner, isGroupMember bool) bool {
switch operation {
case "create":
if isOwner {
return (permissions & types.PermOwnerCreate) != 0
}
if isGroupMember {
return (permissions & types.PermGroupCreate) != 0
}
return (permissions & types.PermOthersCreate) != 0
case "delete":
if isOwner {
return (permissions & types.PermOwnerDelete) != 0
}
if isGroupMember {
return (permissions & types.PermGroupDelete) != 0
}
return (permissions & types.PermOthersDelete) != 0
case "write":
if isOwner {
return (permissions & types.PermOwnerWrite) != 0
}
if isGroupMember {
return (permissions & types.PermGroupWrite) != 0
}
return (permissions & types.PermOthersWrite) != 0
case "read":
if isOwner {
return (permissions & types.PermOwnerRead) != 0
}
if isGroupMember {
return (permissions & types.PermGroupRead) != 0
}
return (permissions & types.PermOthersRead) != 0
default:
return false
}
}
// CheckUserResourceRelationship determines user relationship to resource
func CheckUserResourceRelationship(userUUID string, metadata *types.ResourceMetadata, userGroups []string) (isOwner, isGroupMember bool) {
isOwner = (userUUID == metadata.OwnerUUID)
if metadata.GroupUUID != "" {
for _, groupUUID := range userGroups {
if groupUUID == metadata.GroupUUID {
isGroupMember = true
break
}
}
}
return isOwner, isGroupMember
}
View Git Blame Copy Permalink