status-go/protocol/communities/roles_authorization.go


package communities
import "github.com/status-im/status-go/protocol/protobuf"
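// adminAuthorizedEventTypes lists the community events a member holding
// ROLE_ADMIN may emit. The TOKEN_MASTER and OWNER lists are built on top of
// it, so an entry added here is granted to every higher role as well.
var adminAuthorizedEventTypes = []protobuf.CommunityEvent_EventType{
	protobuf.CommunityEvent_COMMUNITY_EDIT,
	protobuf.CommunityEvent_COMMUNITY_MEMBER_TOKEN_PERMISSION_CHANGE,
	protobuf.CommunityEvent_COMMUNITY_MEMBER_TOKEN_PERMISSION_DELETE,
	protobuf.CommunityEvent_COMMUNITY_CATEGORY_CREATE,
	protobuf.CommunityEvent_COMMUNITY_CATEGORY_DELETE,
	protobuf.CommunityEvent_COMMUNITY_CATEGORY_EDIT,
	protobuf.CommunityEvent_COMMUNITY_CHANNEL_CREATE,
	protobuf.CommunityEvent_COMMUNITY_CHANNEL_DELETE,
	protobuf.CommunityEvent_COMMUNITY_CHANNEL_EDIT,
	protobuf.CommunityEvent_COMMUNITY_CATEGORY_REORDER,
	protobuf.CommunityEvent_COMMUNITY_CHANNEL_REORDER,
	protobuf.CommunityEvent_COMMUNITY_REQUEST_TO_JOIN_ACCEPT,
	protobuf.CommunityEvent_COMMUNITY_REQUEST_TO_JOIN_REJECT,
	protobuf.CommunityEvent_COMMUNITY_MEMBER_KICK,
	protobuf.CommunityEvent_COMMUNITY_MEMBER_BAN,
	protobuf.CommunityEvent_COMMUNITY_MEMBER_UNBAN,
}

// tokenMasterAuthorizedEventTypes is the admin list plus token management.
//
// The three-index slice expression caps the base slice at its length, which
// forces append to allocate a new backing array. Without it, two derived
// authorization lists built from the same base could share storage, and a
// later append to one of them would silently overwrite an entry of the
// other. Authorization tables must never alias each other.
var tokenMasterAuthorizedEventTypes = append(
	adminAuthorizedEventTypes[:len(adminAuthorizedEventTypes):len(adminAuthorizedEventTypes)],
	protobuf.CommunityEvent_COMMUNITY_TOKEN_ADD,
)

// ownerAuthorizedEventTypes: an OWNER may emit exactly the same events as a
// TOKEN_MASTER. It shares the slice deliberately; both are read-only after
// package init.
var ownerAuthorizedEventTypes = tokenMasterAuthorizedEventTypes

// rolesToAuthorizedEventTypes maps each member role to the events it may
// emit. ROLE_NONE, ROLE_MANAGE_USERS and ROLE_MODERATE_CONTENT are mapped to
// empty lists, i.e. they are not authorized to emit any community event. A
// role missing from this map reads as a nil slice, which is also "nothing".
var rolesToAuthorizedEventTypes = map[protobuf.CommunityMember_Roles][]protobuf.CommunityEvent_EventType{
	protobuf.CommunityMember_ROLE_NONE:             []protobuf.CommunityEvent_EventType{},
	protobuf.CommunityMember_ROLE_OWNER:            ownerAuthorizedEventTypes,
	protobuf.CommunityMember_ROLE_MANAGE_USERS:     []protobuf.CommunityEvent_EventType{},
	protobuf.CommunityMember_ROLE_MODERATE_CONTENT: []protobuf.CommunityEvent_EventType{},
	protobuf.CommunityMember_ROLE_ADMIN:            adminAuthorizedEventTypes,
	protobuf.CommunityMember_ROLE_TOKEN_MASTER:     tokenMasterAuthorizedEventTypes,
}

// adminAuthorizedPermissionTypes lists the token-permission types an ADMIN
// may change or delete. Note what is absent: BECOME_ADMIN and
// BECOME_TOKEN_MASTER, so an admin cannot alter who is granted a role at or
// above its own level.
var adminAuthorizedPermissionTypes = []protobuf.CommunityTokenPermission_Type{
	protobuf.CommunityTokenPermission_BECOME_MEMBER,
	protobuf.CommunityTokenPermission_CAN_VIEW_CHANNEL,
	protobuf.CommunityTokenPermission_CAN_VIEW_AND_POST_CHANNEL,
}

// tokenMasterAuthorizedPermissionTypes extends the admin list with
// BECOME_ADMIN. Three-index slicing forces a fresh backing array; see
// tokenMasterAuthorizedEventTypes for why.
var tokenMasterAuthorizedPermissionTypes = append(
	adminAuthorizedPermissionTypes[:len(adminAuthorizedPermissionTypes):len(adminAuthorizedPermissionTypes)],
	protobuf.CommunityTokenPermission_BECOME_ADMIN,
)

// ownerAuthorizedPermissionTypes extends the token-master list with
// BECOME_TOKEN_MASTER. This is the chain where plain append would have
// aliased: the intermediate list returned by append normally has spare
// capacity, so appending to it once more would write into the same array
// that the token-master list is a prefix of. The full-slice expression
// prevents that.
var ownerAuthorizedPermissionTypes = append(
	tokenMasterAuthorizedPermissionTypes[:len(tokenMasterAuthorizedPermissionTypes):len(tokenMasterAuthorizedPermissionTypes)],
	protobuf.CommunityTokenPermission_BECOME_TOKEN_MASTER,
)

// rolesToAuthorizedPermissionTypes maps each member role to the
// token-permission types it may change or delete. Roles not granted any
// permission management map to empty lists.
var rolesToAuthorizedPermissionTypes = map[protobuf.CommunityMember_Roles][]protobuf.CommunityTokenPermission_Type{
	protobuf.CommunityMember_ROLE_NONE:             []protobuf.CommunityTokenPermission_Type{},
	protobuf.CommunityMember_ROLE_OWNER:            ownerAuthorizedPermissionTypes,
	protobuf.CommunityMember_ROLE_MANAGE_USERS:     []protobuf.CommunityTokenPermission_Type{},
	protobuf.CommunityMember_ROLE_MODERATE_CONTENT: []protobuf.CommunityTokenPermission_Type{},
	protobuf.CommunityMember_ROLE_ADMIN:            adminAuthorizedPermissionTypes,
	protobuf.CommunityMember_ROLE_TOKEN_MASTER:     tokenMasterAuthorizedPermissionTypes,
}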
// canRolesPerformEvent reports whether at least one of roles is mapped to
// eventType in rolesToAuthorizedEventTypes. An empty roles slice, or a role
// with no entry in the map, yields false.
func canRolesPerformEvent(roles []protobuf.CommunityMember_Roles, eventType protobuf.CommunityEvent_EventType) bool {
	// listed reports whether eventType appears in the given authorization list.
	listed := func(allowed []protobuf.CommunityEvent_EventType) bool {
		for _, t := range allowed {
			if t == eventType {
				return true
			}
		}
		return false
	}

	for _, r := range roles {
		if listed(rolesToAuthorizedEventTypes[r]) {
			return true
		}
	}
	return false
}
// canRolesModifyPermission reports whether at least one of roles is mapped to
// permissionType in rolesToAuthorizedPermissionTypes. An empty roles slice,
// or a role with no entry in the map, yields false.
func canRolesModifyPermission(roles []protobuf.CommunityMember_Roles, permissionType protobuf.CommunityTokenPermission_Type) bool {
	// listed reports whether permissionType appears in the given authorization list.
	listed := func(allowed []protobuf.CommunityTokenPermission_Type) bool {
		for _, t := range allowed {
			if t == permissionType {
				return true
			}
		}
		return false
	}

	for _, r := range roles {
		if listed(rolesToAuthorizedPermissionTypes[r]) {
			return true
		}
	}
	return false
}
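// RolesAuthorizedToPerformEvent reports whether a member holding any of roles
// is allowed to emit event.
//
// The check fails closed: a nil event, or an event type that appears in none
// of the roles' lists, is rejected. Token-permission change/delete events are
// additionally gated on the permission type being modified, so that a role
// can only touch permissions listed for it in rolesToAuthorizedPermissionTypes
// (for example an ADMIN cannot change the BECOME_ADMIN permission).
func RolesAuthorizedToPerformEvent(roles []protobuf.CommunityMember_Roles, event *CommunityEvent) bool {
	// A missing event carries nothing to authorize; reject rather than panic.
	if event == nil {
		return false
	}
	if !canRolesPerformEvent(roles, event.Type) {
		return false
	}

	switch event.Type {
	case protobuf.CommunityEvent_COMMUNITY_MEMBER_TOKEN_PERMISSION_CHANGE,
		protobuf.CommunityEvent_COMMUNITY_MEMBER_TOKEN_PERMISSION_DELETE:
		// NOTE(review): event.TokenPermission is dereferenced without a nil
		// check here. If it is a pointer field, confirm that callers validate
		// the payload before this function is reached.
		return canRolesModifyPermission(roles, event.TokenPermission.Type)
	}
	return true
}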