Add user parameter to authorization method

author: Zach Smith <zach@driver.xyz> 2017-05-14 21:10:56 -0600
committer: Zach Smith <zach@driver.xyz> 2017-05-24 13:50:04 -0700
commit: 96735d492f5c0aebbc5d26d971c2c37514a26546 (patch)
tree: a4228a001490af1ed24641e6ae2521586b60240d
parent: 2fc1c3baeef3662258caa64068fbcb25401a4065 (diff)
download: driver-core-96735d492f5c0aebbc5d26d971c2c37514a26546.tar.gz
driver-core-96735d492f5c0aebbc5d26d971c2c37514a26546.tar.bz2
driver-core-96735d492f5c0aebbc5d26d971c2c37514a26546.zip
2 files changed, 13 insertions, 13 deletions
diff --git a/src/main/scala/xyz/driver/core/rest.scala b/src/main/scala/xyz/driver/core/rest.scala
index 5c4b332..0574916 100644
--- a/src/main/scala/xyz/driver/core/rest.scala
+++ b/src/main/scala/xyz/driver/core/rest.scala
@@ -167,19 +167,19 @@ package rest {
   }
 
   trait Authorization[U <: User] {
-    def userHasPermissions(permissions: Seq[Permission])(
-            implicit ctx: AuthorizedServiceRequestContext[U]): Future[AuthorizationResult]
+    def userHasPermissions(user: U, permissions: Seq[Permission])(
+            implicit ctx: ServiceRequestContext): Future[AuthorizationResult]
   }
 
   class AlwaysAllowAuthorization[U <: User](implicit execution: ExecutionContext) extends Authorization[U] {
-    override def userHasPermissions(permissions: Seq[Permission])(
-            implicit ctx: AuthorizedServiceRequestContext[U]): Future[AuthorizationResult] =
+    override def userHasPermissions(user: U, permissions: Seq[Permission])(
+            implicit ctx: ServiceRequestContext): Future[AuthorizationResult] =
       Future.successful(AuthorizationResult(authorized = true, ctx.permissionsToken))
   }
 
   class CachedTokenAuthorization[U <: User](publicKey: PublicKey, issuer: String) extends Authorization[U] {
-    override def userHasPermissions(permissions: Seq[Permission])(
-            implicit ctx: AuthorizedServiceRequestContext[U]): Future[AuthorizationResult] = {
+    override def userHasPermissions(user: U, permissions: Seq[Permission])(
+            implicit ctx: ServiceRequestContext): Future[AuthorizationResult] = {
       import spray.json._
 
       def extractPermissionsFromTokenJSON(tokenObject: JsObject): Option[Map[String, Boolean]] =
@@ -196,7 +196,7 @@ package rest {
         jwtJson = jwt.parseJson.asJsObject
 
         // Ensure jwt is for the currently authenticated user and the correct issuer, otherwise return None
-        _ <- jwtJson.fields.get("sub").contains(JsString(ctx.authenticatedUser.id.value)).option(())
+        _ <- jwtJson.fields.get("sub").contains(JsString(user.id.value)).option(())
         _ <- jwtJson.fields.get("iss").contains(JsString(issuer)).option(())
 
         permissionsMap <- extractPermissionsFromTokenJSON(jwtJson)
@@ -211,12 +211,12 @@ package rest {
   class ChainedAuthorization[U <: User](authorizations: Authorization[U]*)(implicit execution: ExecutionContext)
       extends Authorization[U] {
 
-    override def userHasPermissions(permissions: Seq[Permission])(
-            implicit ctx: AuthorizedServiceRequestContext[U]): Future[AuthorizationResult] = {
+    override def userHasPermissions(user: U, permissions: Seq[Permission])(
+            implicit ctx: ServiceRequestContext): Future[AuthorizationResult] = {
       authorizations.toList.foldLeftM[Future, AuthorizationResult](AuthorizationResult.unauthorized) {
         (authResult, authorization) =>
           if (authResult.authorized) Future.successful(authResult)
-          else authorization.userHasPermissions(permissions)
+          else authorization.userHasPermissions(user, permissions)
       }
     }
   }
@@ -246,7 +246,7 @@ package rest {
             authToken <- OptionT.optionT(Future.successful(ctx.authToken))
             user      <- authenticatedUser(ctx)
             authCtx = ctx.withAuthenticatedUser(authToken, user)
-            authorizationResult <- authorization.userHasPermissions(permissions)(authCtx).toOptionT
+            authorizationResult <- authorization.userHasPermissions(user, permissions)(authCtx).toOptionT
             cachedPermissionsAuthCtx = authorizationResult.token.fold(authCtx)(authCtx.withPermissionsToken)
           } yield (cachedPermissionsAuthCtx, authorizationResult.authorized)).run
         } flatMap {
diff --git a/src/test/scala/xyz/driver/core/AuthTest.scala b/src/test/scala/xyz/driver/core/AuthTest.scala
index 8de0e87..bf776df 100644
--- a/src/test/scala/xyz/driver/core/AuthTest.scala
+++ b/src/test/scala/xyz/driver/core/AuthTest.scala
@@ -35,8 +35,8 @@ class AuthTest extends FlatSpec with Matchers with MockitoSugar with ScalatestRo
 
   val basicAuthorization: Authorization[User] = new Authorization[User] {
 
-    override def userHasPermissions(permissions: Seq[Permission])(
-            implicit ctx: AuthorizedServiceRequestContext[User]): Future[AuthorizationResult] = {
+    override def userHasPermissions(user: User, permissions: Seq[Permission])(
+            implicit ctx: ServiceRequestContext): Future[AuthorizationResult] = {
       val authorized = permissions.forall(_ === TestRoleAllowedPermission)
       Future.successful(AuthorizationResult(authorized, ctx.permissionsToken))
     }
author	Zach Smith <zach@driver.xyz>	2017-05-14 21:10:56 -0600
committer	Zach Smith <zach@driver.xyz>	2017-05-24 13:50:04 -0700
commit	96735d492f5c0aebbc5d26d971c2c37514a26546 (patch)
tree	a4228a001490af1ed24641e6ae2521586b60240d
parent	2fc1c3baeef3662258caa64068fbcb25401a4065 (diff)
download	driver-core-96735d492f5c0aebbc5d26d971c2c37514a26546.tar.gz driver-core-96735d492f5c0aebbc5d26d971c2c37514a26546.tar.bz2 driver-core-96735d492f5c0aebbc5d26d971c2c37514a26546.zip