ducky/devices
ducky/devices/apiv1/scopes.go
Validate device creation. Update our uuid package to the latest, which is now based on the GitHub fork instead of the Google Code. Also, update our api package to its latest version, which now needs the pqarrays package as a dependency. We fleshed out the validateDeviceCreation. We now pass in the scopes we have (for broad access control) and the user ID (for fine-grained access control). This helper returns the first error it encounters, though it should probably return a slice so we can return multiple errors all at once. Before we even decode the request to create a Device, let's check if the user is even logged in. If we can't ascertain that or they're not, there's no point in even consuming the memory necessary to read the request, because we know we're not going to use it anyways. Finally actually validate the devices we're creating, and return an appropriate error for each error we can get. Also, the api.CheckScopes helper function now takes the scopes passed in as a string slice, and we have an api.GetScopes helper function to retrieve the scopes associated with the request. Let's not keep parsing that. We need two new scopes to control access for device creation; ScopeImport lets users import devices in and is pretty much admin access. ScopeCreateOtherUserDevices allows a user to create Devices that are owned by another user.
| paddy@15 | 1 package apiv1 |
| paddy@15 | 2 |
| paddy@15 | 3 import "code.secondbit.org/scopes.hg/types" |
| paddy@15 | 4 |
| paddy@15 | 5 var ( |
| paddy@15 | 6 // ScopeViewPushToken is a Scope that grants access to viewing pushTokens for |
| paddy@15 | 7 // Devices. |
| paddy@15 | 8 ScopeViewPushToken = scopeTypes.Scope{ |
| paddy@15 | 9 ID: "https://scopes.useducky.com/devices/pushToken/view", |
| paddy@15 | 10 Name: "View device push tokens.", |
| paddy@15 | 11 Description: "View the push tokens that allow sending messages and notifications to your device. This can be used to force your device to open links, and should be granted with extreme caution.", |
| paddy@15 | 12 } |
| paddy@16 | 13 |
| paddy@16 | 14 // ScopeImport is a Scope that grants access to bulk importing Devices. It grants |
| paddy@16 | 15 // what equates to admin permissions, including the ability to create Devices for |
| paddy@16 | 16 // other users, and thus should be granted with extreme caution. |
| paddy@16 | 17 ScopeImport = scopeTypes.Scope{ |
| paddy@16 | 18 ID: "https://scopes.useducky.com/devices/import", |
| paddy@16 | 19 Name: "Import devices.", |
| paddy@16 | 20 Description: "Import devices into the system, including creating devices for other users. This should only ever be granted to system resources.", |
| paddy@16 | 21 } |
| paddy@16 | 22 |
| paddy@16 | 23 // ScopeCreateOtherUserDevices is a Scope that grants the user the ability to create |
| paddy@16 | 24 // Devices with an Owner property that doesn't match the authenticated user's ID. |
| paddy@16 | 25 ScopeCreateOtherUserDevices = scopeTypes.Scope{ |
| paddy@16 | 26 ID: "https://scopes.useducky.com/devices/otherUser/create", |
| paddy@16 | 27 Name: "Create devices for other users.", |
| paddy@16 | 28 Description: "Create devices like usual, but make a different user the owner of the device.", |
| paddy@16 | 29 } |
| paddy@15 | 30 ) |