From 2f01c45b4fdc2710e91ce8988f621de38b697eab Mon Sep 17 00:00:00 2001
From: vlad
Date: Mon, 19 Sep 2016 10:56:11 -0700
Subject: Adding permissions to the user + Allowing to pass auth token as a parameter
---
 src/main/scala/com/drivergrp/core/auth.scala | 60 +++++++++++++++++-----------
 1 file changed, 37 insertions(+), 23 deletions(-)
(limited to 'src/main')
diff --git a/src/main/scala/com/drivergrp/core/auth.scala b/src/main/scala/com/drivergrp/core/auth.scala
index eed40ef..e9d4b84 100644
--- a/src/main/scala/com/drivergrp/core/auth.scala
+++ b/src/main/scala/com/drivergrp/core/auth.scala
@@ -16,50 +16,56 @@ object auth { trait Role { val id: Id[Role] val name: Name[Role] + val permissions: Set[Permission] - def hasPermission(permission: Permission): Boolean = false + def hasPermission(permission: Permission): Boolean = permissions.contains(permission) } case object ObserverRole extends Role { - val id = Id(1L) - val name = Name("observer") - - override def hasPermission(permission: Permission): Boolean = - Set[Permission](CanSeeUser, CanSeeAssay, CanSeeReport).contains(permission) + val id = Id(1L) + val name = Name("observer") + val permissions = Set[Permission](CanSeeUser, CanSeeAssay, CanSeeReport) } case object PatientRole extends Role { - val id = Id(2L) - val name = Name("patient") + val id = Id(2L) + val name = Name("patient") + val permissions = Set.empty[Permission] } case object CuratorRole extends Role { - val id = Id(3L) - val name = Name("curator") - - override def hasPermission(permission: Permission): Boolean = - Set[Permission](CanSeeUser, CanSeeAssay, CanSeeReport, CanEditReport).contains(permission) + val id = Id(3L) + val name = Name("curator") + val permissions = Set[Permission](CanSeeUser, CanSeeAssay, CanSeeReport, CanEditReport) } case object PathologistRole extends Role { val id = Id(4L) val name = Name("pathologist") - - override def hasPermission(permission: Permission): Boolean = + val permissions = Set[Permission](CanSeeUser, CanSeeAssay, CanSeeReport, CanEditReport, CanSignOutReport, CanEditReviewingReport) - .contains(permission) } case object AdministratorRole extends Role { val id = Id(5L) val name = Name("administrator") - - override def hasPermission(permission: Permission): Boolean = true + val permissions = Set[Permission]( + CanSeeUser, + CanSeeAssay, + CanSeeReport, + CanCreateReport, + CanEditReport, + CanEditReviewingReport, + CanSignOutReport, + CanShareReportWithPatient, + CanAssignRoles + ) } trait User { def id: Id[User] def roles: Set[Role] + def permissions: Set[Permission] = 
roles.flatMap(_.permissions) } final case class Macaroon(value: String) @@ -84,11 +90,19 @@ object auth { val AuthenticationTokenHeader = "WWW-Authenticate" def authorize(permission: Permission): Directive1[AuthToken] = { - headerValueByName(AuthenticationTokenHeader).flatMap { tokenValue => - val token = AuthToken(Base64[Macaroon](tokenValue)) - - if (extractUser(token).roles.exists(_.hasPermission(permission))) provide(token) - else reject(ValidationRejection(s"User does not have the required permission $permission")) + parameters('authToken.?).flatMap { parameterTokenValue => + optionalHeaderValueByName(AuthenticationTokenHeader).flatMap { headerTokenValue => + headerTokenValue.orElse(parameterTokenValue) match { + case Some(tokenValue) => + val token = AuthToken(Base64[Macaroon](tokenValue)) + + if (extractUser(token).roles.exists(_.hasPermission(permission))) provide(token) + else reject(ValidationRejection(s"User does not have the required permission $permission")) + + case None => + reject(MissingHeaderRejection("WWW-Authenticate")) + } + } } } } -- cgit v1.2.3
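Review bot: `Role.hasPermission` now reads the new `permissions` member but is still overridable, so a role object can again answer differently from the set that `User.permissions` (added at the end of the hunk) aggregates; consider `final def hasPermission(permission: Permission): Boolean = permissions.contains(permission)` so the declared set is the single source of truth. The abstract members of `Role` are `val`s in a trait; declaring them as `def`s (`def permissions: Set[Permission]`) avoids trait-initialisation-order surprises and still lets the case objects implement them with `val`. `AdministratorRole` moves from answering `true` for every permission to an explicit allow-list, so any `Permission` added later is denied to administrators until it is listed here — a sound least-privilege default, but worth recording on the object with a comment such as `// Explicit allow-list: new Permission values must be added here deliberately.`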
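Review bot: The `None` branch rejects with a hard-coded `MissingHeaderRejection("WWW-Authenticate")` even though `AuthenticationTokenHeader` holds that name just above `authorize`, and since the token may now arrive via the `authToken` query parameter the rejection names only one of the two accepted sources; at minimum use `reject(MissingHeaderRejection(AuthenticationTokenHeader))`. Accepting the token from the query string means it is likely to be recorded in server and proxy access logs, browser history and outbound `Referer` headers, which the commit description does not mention; if the parameter path is required, the description should say why and request logging should mask `authToken`. The check `extractUser(token).roles.exists(_.hasPermission(permission))` could use the `User.permissions` aggregate introduced in the first hunk, `extractUser(token).permissions.contains(permission)`, so role permissions are combined in one place. `extractUser` and `Base64[Macaroon]` are outside the hunk, so whether a malformed token produces a rejection rather than an exception cannot be confirmed here.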