ducky/devices

Paddy 2015-12-19 Parent:c24a6c5fcd8c Child:ed1b5ba69551

16:a700ede02f91 Go to Latest

ducky/devices/apiv1/devices.go

Validate device creation. Update our uuid package to the latest, which is now based on the GitHub fork instead of the Google Code. Also, update our api package to its latest version, which now needs the pqarrays package as a dependency. We fleshed out the validateDeviceCreation. We now pass in the scopes we have (for broad access control) and the user ID (for fine-grained access control). This helper returns the first error it encounters, though it should probably return a slice so we can return multiple errors all at once. Before we even decode the request to create a Device, let's check if the user is even logged in. If we can't ascertain that or they're not, there's no point in even consuming the memory necessary to read the request, because we know we're not going to use it anyways. Finally actually validate the devices we're creating, and return an appropriate error for each error we can get. Also, the api.CheckScopes helper function now takes the scopes passed in as a string slice, and we have an api.GetScopes helper function to retrieve the scopes associated with the request. Let's not keep parsing that. We need two new scopes to control access for device creation; ScopeImport lets users import devices in and is pretty much admin access. ScopeCreateOtherUserDevices allows a user to create Devices that are owned by another user.

Download raw file
View source Diff to previous Annotate
History
paddy@15 1 package apiv1
paddy@15 2
paddy@15 3 import (
paddy@16 4 "errors"
paddy@15 5 "time"
paddy@15 6
paddy@16 7 "code.secondbit.org/api.hg"
paddy@15 8 "code.secondbit.org/ducky/devices.hg"
paddy@15 9 "code.secondbit.org/uuid.hg"
paddy@15 10 )
paddy@15 11
paddy@16 12 var (
paddy@16 13 errUnauthorizedLastSeen = errors.New("not authorized to set last seen")
paddy@16 14 errUnauthorizedCreated = errors.New("not authorized to set created")
paddy@16 15 errUnauthorizedOwner = errors.New("not authorized to set owner")
paddy@16 16 errInvalidDeviceType = errors.New("device type invalid")
paddy@16 17 errDeviceNameTooShort = errors.New("device name too short")
paddy@16 18 errDeviceNameTooLong = errors.New("device name too long")
paddy@16 19 )
paddy@16 20
paddy@15 21 // Device represents a device as exposed through the API. It is its
paddy@15 22 // own type as the business logic and the API have different requirements
paddy@15 23 // for the Device type, and require different representations.
paddy@15 24 type Device struct {
paddy@15 25 ID uuid.ID `json:"id"`
paddy@15 26 Name string `json:"name,omitempty"`
paddy@15 27 Owner uuid.ID `json:"owner,omitempty"`
paddy@15 28 Type devices.DeviceType `json:"type,omitempty"`
paddy@15 29 Created time.Time `json:"created,omitempty"`
paddy@15 30 LastSeen time.Time `json:"lastSeen,omitempty"`
paddy@15 31 PushToken string `json:"pushToken,omitempty"`
paddy@15 32 }
paddy@15 33
paddy@15 34 // DeviceChange represents a set of changes to a device that will be used
paddy@15 35 // to update that device. It is its own type as the business logic and the
paddy@15 36 // API have different requirements for the DeviceChange type, and require
paddy@15 37 // different representations.
paddy@15 38 type DeviceChange struct {
paddy@15 39 DeviceID uuid.ID `json:"id"`
paddy@15 40 Name *string `json:"name,omitempty"`
paddy@15 41 Owner *uuid.ID `json:"owner,omitempty"`
paddy@15 42 Type *devices.DeviceType `json:"type,omitempty"`
paddy@15 43 LastSeen *time.Time `json:"lastSeen,omitempty"`
paddy@15 44 PushToken *string `json:"pushToken,omitempty"`
paddy@15 45 }
paddy@15 46
paddy@15 47 func apiDeviceFromCore(d devices.Device, includePushToken bool) Device {
paddy@15 48 device := Device{
paddy@15 49 ID: d.ID,
paddy@15 50 Name: d.Name,
paddy@15 51 Owner: d.Owner,
paddy@15 52 Type: d.Type,
paddy@15 53 Created: d.Created,
paddy@15 54 LastSeen: d.LastSeen,
paddy@15 55 }
paddy@15 56 if includePushToken {
paddy@15 57 device.PushToken = d.PushToken
paddy@15 58 }
paddy@15 59 return device
paddy@15 60 }
paddy@15 61
paddy@15 62 func changeFromAPI(d DeviceChange) devices.DeviceChange {
paddy@15 63 return devices.DeviceChange{
paddy@15 64 DeviceID: d.DeviceID,
paddy@15 65 Name: d.Name,
paddy@15 66 Owner: d.Owner,
paddy@15 67 Type: d.Type,
paddy@15 68 LastSeen: d.LastSeen,
paddy@15 69 PushToken: d.PushToken,
paddy@15 70 }
paddy@15 71 }
paddy@15 72
paddy@15 73 func createDevicesFromChanges(changes []DeviceChange) []devices.Device {
paddy@15 74 newDevices := make([]devices.Device, 0, len(changes))
paddy@15 75 for _, change := range changes {
paddy@15 76 newDevices = append(newDevices, devices.ApplyChange(devices.Device{}, changeFromAPI(change)))
paddy@15 77 }
paddy@15 78 return newDevices
paddy@15 79 }
paddy@15 80
paddy@16 81 func validateDeviceCreation(d devices.Device, scopes []string, user uuid.ID) error {
paddy@16 82 canImport := api.CheckScopes(scopes, ScopeImport.ID)
paddy@16 83 canCreateOtherUserDevices := api.CheckScopes(scopes, ScopeCreateOtherUserDevices.ID)
paddy@16 84 if !d.LastSeen.IsZero() && !canImport {
paddy@16 85 return errUnauthorizedLastSeen
paddy@16 86 }
paddy@16 87 if !d.Created.IsZero() && !canImport {
paddy@16 88 return errUnauthorizedCreated
paddy@16 89 }
paddy@16 90 if !d.Owner.Equal(user) && !canCreateOtherUserDevices {
paddy@16 91 return errUnauthorizedOwner
paddy@16 92 }
paddy@16 93 if !devices.IsValidDeviceType(d.Type) {
paddy@16 94 return errInvalidDeviceType
paddy@16 95 }
paddy@16 96 if len(d.Name) < devices.MinDeviceNameLength {
paddy@16 97 return errDeviceNameTooShort
paddy@16 98 }
paddy@16 99 if len(d.Name) > devices.MaxDeviceNameLength {
paddy@16 100 return errDeviceNameTooLong
paddy@16 101 }
paddy@15 102 return nil
paddy@15 103 }