initial permission supprt - fixes #10

master
lub 7 years ago
parent 5340410ff2
commit d1f8fcd28e

@ -9,5 +9,5 @@ dbtools.createSchema = (db) => {
service TEXT, \
subcommand TEXT, \
args TEXT \
)'); // the inner bracket for sql, the outer for closing the function*/
)'); // the inner bracket for sql, the outer for closing the function
};

@ -1,6 +1,7 @@
const commands = require('./commands.js');
const dbtools = require('./dbtools.js');
const fs = require('fs');
const permissions = require('./permissions.js');
const sdk = require('matrix-js-sdk');
const sqlite3 = require('sqlite3').verbose(); // .verbose until basics work
const yaml = require('js-yaml');
@ -34,6 +35,8 @@ matrixClient.on('Room.timeline', function(event, room, resetTimeline) {
commands.expandCommand(body, commands.projects)
.then((expansion) => {
permissions.eval(event.sender.userId, expansion, db)
.then((accessgranted) => {
let subcommand = commands.projects[expansion.project][expansion.service][expansion.subcommand];
const args = expansion.args.match(subcommand.regex);
@ -43,6 +46,9 @@ matrixClient.on('Room.timeline', function(event, room, resetTimeline) {
}
subcommand.exec(args, room, event);
}, (fail) => {
matrixClient.sendNotice(room.roomId, event.sender.userId + ' ' + fail);
});
}, (fail) => { // command not found
let tmp = commands.suggestFix(body, commands.projects);
if(tmp !== null){ //when the regex matches nothing

@ -0,0 +1,50 @@
const permissions = module.exports = {};
permissions.eval = (mxid, expansion, db) => {
return new Promise((resolve, reject) => {
let accessGranted = false;
db.each('SELECT omni, project, service, subcommand, args \
FROM permissions \
WHERE mxid=?',
[mxid],
(err, row) => { // callback for each returned row
// check for omnipotence
if(row.omni === 1) {
accessGranted = true;
return;
};
// check for project permissions
const regexProject = new RegExp(row.project);
if(!regexProject.test(expansion.project)) {
return;
};
// check for service permissions
const regexService = new RegExp(row.service);
if(!regexService.test(expansion.service)) {
return;
};
// check for subcommand permissions
const regexSubcommand = new RegExp(row.subcommand);
if(!regexSubcommand.test(expansion.subcommand)) {
return;
};
// check for args permissions
const regexArgs = new RegExp(row.args);
if(regexArgs.test(expansion.args)) {
accessGranted = true;
return;
};
},
() => { // gets called after all rows are processed
if(accessGranted) {
resolve('access granted');
return;
} else {
reject('permission denied');
return;
};
});
});
};