From f97ab65634b5b88e3e42e10f9f4b0923d88a192b Mon Sep 17 00:00:00 2001
From: vlad
Date: Tue, 2 Aug 2016 16:45:06 -0700
Subject: More abstract auth model and File service definition
---
 src/main/scala/com/drivergrp/core/auth.scala | 67 +++++-----------------------
 1 file changed, 10 insertions(+), 57 deletions(-)
(limited to 'src/main/scala/com/drivergrp/core/auth.scala')
diff --git a/src/main/scala/com/drivergrp/core/auth.scala b/src/main/scala/com/drivergrp/core/auth.scala
index 84d943d..8722d6a 100644
--- a/src/main/scala/com/drivergrp/core/auth.scala
+++ b/src/main/scala/com/drivergrp/core/auth.scala
@@ -2,65 +2,20 @@ package com.drivergrp.core
 object auth {
- final case class FullName[+T](firstName: Name[T], middleName: Name[T], lastName: Name[T])
-
- final case class Email(username: String, domain: String) {
- override def toString = username + "@" + domain
- }
+ trait Permission
 trait Role {
 val id: Id[Role]
 val name: Name[Role]
- def canEditReport: Boolean = false
- def canSignOffReport: Boolean = false
- def canAssignRoles: Boolean = false
- }
-
- case object ObserverRole extends Role {
- val id = Id(1L)
- val name = Name("observer")
- }
-
- case object PatientRole extends Role {
- val id = Id(2L)
- val name = Name("patient")
+ def hasPermission(permission: Permission): Boolean = false
 }
- case object CuratorRole extends Role {
- val id = Id(3L)
- val name = Name("curator")
-
- override def canEditReport: Boolean = true
- }
-
- case object PathologistRole extends Role {
- val id = Id(4L)
- val name = Name("pathologist")
-
- override def canEditReport: Boolean = true
- override def canSignOffReport: Boolean = true
+ trait User {
+ def id: Id[User]
+ def roles: Set[Role]
 }
- case object AdministratorRole extends Role {
- val id = Id(5L)
- val name = Name("administrator")
-
- override def canEditReport: Boolean = true
- override def canSignOffReport: Boolean = true
- override def canAssignRoles: Boolean = true
- }
-
- final case class Avatar(id: Id[Avatar], name: Name[Avatar])
-
- final case class User(id: Id[User], name: FullName[User], email: Email, avatar: Option[Avatar], roles: Set[Role])
-
- val TestUser = User(Id[User](1L),
- FullName[User](Name("James"), Name("Dewey"), Name("Watson")),
- Email("j.watson", "uchicago.edu"),
- Some(Avatar(Id[Avatar](1L), Name[Avatar]("Coolface"))),
- Set(PathologistRole))
-
 final case class Macaroon(value: String)
 final case class Base64[T](value: String)
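Review bot: `Role` becomes an open trait with no stated equality contract, while `authorize` later in this file still decides access with `user.roles.contains(role)`. With the case objects removed, two `Role` instances for the same role compare by reference unless every implementation is a case class or object, so the check can deny a legitimate user, or pass on a carelessly written `equals`. State the requirement on the trait, e.g. `/** Implementations must have value equality (case object/class); roles are compared with ==. */`, or compare on `id` at the call site. The `false` default on `hasPermission` is a sound deny-by-default and deserves a one-line comment saying implementations override it only for permissions they explicitly grant; nothing in the visible hunks calls it yet.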
@@ -73,13 +28,15 @@ object auth {
 val AuthenticationTokenHeader = "WWW-Authenticate"
- def authorize(role: Role): Directive1[Id[User]] = {
+ type UserExtractor = AuthToken => Option[User]
+
+ def authorize(role: Role)(implicit userExtractor: UserExtractor): Directive1[Id[User]] = {
 headerValueByName(AuthenticationTokenHeader).flatMap { tokenValue =>
 val token = AuthToken(Base64[Macaroon](tokenValue))
- extractUser(token) match {
+ userExtractor(token) match {
 case Some(user) =>
- if (user.roles.contains(role)) provide(user.id)
+ if (user.roles.contains(role)) provide(user.id: Id[User])
 else reject(ValidationRejection(s"User does not have the required ${role.name} role"))
 case None =>
 reject(ValidationRejection(s"Wasn't able to extract user for the token provided"))
@@ -92,9 +49,5 @@ object auth {
 provide(AuthToken(Base64[Macaroon](token)))
 }
 }
-
- def extractUser(authToken: AuthToken): Option[User] = {
- Some(TestUser)
- }
 }
 }
-- 
cgit v1.2.3
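Review bot: In the `authorize` hunk, taking the extractor as an implicit of the plain function type `AuthToken => Option[User]` leaves the authentication decision to whatever is in implicit scope. In Scala 2 an implicit value of type `A => B` is also an implicit view, so a stray import of a permissive stub is picked up silently and also converts `AuthToken` to `Option[User]` elsewhere. A dedicated type such as `trait UserExtractor { def apply(token: AuthToken): Option[User] }`, or an explicit parameter, keeps the wiring visible. The header value is wrapped into `AuthToken(Base64[Macaroon](tokenValue))` with no decoding or verification in the lines shown, so the Scaladoc on that type should state that the extractor is responsible for validating the macaroon. Separately, the unchanged context lines read the token from `WWW-Authenticate`, which is normally a response challenge header, and reject with `ValidationRejection`; if this is akka-http, `AuthenticationFailedRejection` and `AuthorizationFailedRejection` are likely the better fit. The body of `authorize` closes outside the hunk.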