source-academy · RichDom2185 · Jul 26, 2023 · Jul 22, 2023 · Jul 22, 2023 · Jul 22, 2023
diff --git a/internal/auth/permission.go b/internal/auth/permission.go
@@ -0,0 +1,14 @@
+package auth
+
+import (
+	"net/http"
+
+	"github.com/source-academy/stories-backend/internal/auth/permissions"
+)
+
+func CheckPermissions(r *http.Request, requestedActionPermissions ...permissions.PermissionGroup) (bool, error) {
+	requiredPermissions := permissions.AllOf{
+		Groups: requestedActionPermissions,
+	}
+	return requiredPermissions.IsAuthorized(r), nil
+}
diff --git a/internal/auth/permissions/users/permissions.go b/internal/auth/permissions/users/permissions.go
@@ -0,0 +1,20 @@
+package userpermissions
+
+type Permission string
+
+const (
+	CanCreateUsers Permission = "can_create_users"
+	CanReadUsers   Permission = "can_read_users"
+	CanUpdateUsers Permission = "can_update_users"
+	CanDeleteUsers Permission = "can_delete_users"
+
+	CanCreateGroups Permission = "can_create_groups"
+	CanReadGroups   Permission = "can_read_groups"
+	CanUpdateGroups Permission = "can_update_groups"
+	CanDeleteGroups Permission = "can_delete_groups"
+
+	CanCreateStories Permission = "can_create_stories"
+	CanReadStories   Permission = "can_read_stories"
+	CanUpdateStories Permission = "can_update_stories"
+	CanDeleteStories Permission = "can_delete_stories"
+)
diff --git a/internal/auth/permissions/users/role.go b/internal/auth/permissions/users/role.go
@@ -0,0 +1,25 @@
+package userpermissions
+
+import (
+	"net/http"
+
+	"github.com/source-academy/stories-backend/internal/auth"
+	groupenums "github.com/source-academy/stories-backend/internal/enums/groups"
+)
+
+type RolePermission struct {
+	Permission Permission
+	Role       groupenums.Role
+}
+
+func (p RolePermission) IsAuthorized(r *http.Request) bool {
+	userID, err := auth.GetUserIDFrom(r)
+	if err != nil {
+		return false
+	}
+	// FIXME: Implement. Blocked by request context missing group info.
+	_ = userID
+	// role := getRole(userID, groupID)
+	// return groupenums.IsRoleGreaterThan(role, p.Role)
+	return false
+}
diff --git a/internal/auth/permissions/users/users.go b/internal/auth/permissions/users/users.go
@@ -0,0 +1,48 @@
+package userpermissions
+
+import (
+	"errors"
+
+	groupenums "github.com/source-academy/stories-backend/internal/enums/groups"
+)
+
+// Gets the RolePermission from a Permission. To be called
+// by external packages.
+// TODO: Investigate possibility of defining roles on a
+// per-user/group basis in the DB.
+func GetRolePermission(p Permission) *RolePermission {
+	switch p {
+	case
+		// Permissions for all users
+		CanCreateStories,
+		CanReadStories:
+		return &RolePermission{
+			Permission: p,
+			Role:       groupenums.RoleStandard,
+		}
+	case
+		// Additional permissions for moderators and administrators
+		CanUpdateStories,
+		CanDeleteStories:
+		return &RolePermission{
+			Permission: p,
+			Role:       groupenums.RoleModerator,
+		}
+	case
+		// Additional permissions for administrators only
+		CanCreateUsers,
+		CanReadUsers,
+		CanUpdateUsers,
+		CanDeleteUsers,
+		CanCreateGroups,
+		CanReadGroups,
+		CanUpdateGroups,
+		CanDeleteGroups:
+		return &RolePermission{
+			Permission: p,
+			Role:       groupenums.RoleAdmin,
+		}
+	}
+	// Illegal path - all permissions should have been handled above
+	panic(errors.New("Illegal path - all permissions should have been handled above"))
+}
diff --git a/internal/auth/permissions/validation.go b/internal/auth/permissions/validation.go
@@ -0,0 +1,35 @@
+package permissions
+
+import (
+	"net/http"
+)
+
+type PermissionGroup interface {
+	IsAuthorized(*http.Request) bool
+}
+
+type AllOf struct {
+	Groups []PermissionGroup
+}
+
+func (a AllOf) IsAuthorized(r *http.Request) bool {
+	for _, group := range a.Groups {
+		if !group.IsAuthorized(r) {
+			return false
+		}
+	}
+	return true
+}
+
+type AnyOf struct {
+	Groups []PermissionGroup
+}
+
+func (a AnyOf) IsAuthorized(r *http.Request) bool {
+	for _, group := range a.Groups {
+		if group.IsAuthorized(r) {
+			return true
+		}
+	}
+	return false
+}
diff --git a/internal/enums/groups/role.go b/internal/enums/groups/role.go
@@ -0,0 +1,47 @@
+package groupenums
+
+type Role uint
+
+const (
+	RoleStandard Role = iota
+	RoleModerator
+	RoleAdmin
+)
+
+// We cannot name it String() because it will conflict with the String() method
+func (role Role) ToString() string {
+	switch role {
+	case RoleStandard:
+		return "user"
+	case RoleModerator:
+		return "moderator"
+	case RoleAdmin:
+		return "admin"
+	}
+	return "unknown"
+}
+
+func RoleFromString(role string) (Role, bool) {
+	switch role {
+	case "user":
+		return RoleStandard, true
+	case "moderator":
+		return RoleModerator, true
+	case "admin":
+		return RoleAdmin, true
+	}
+	// We fall back to standard role as default
+	return RoleStandard, false
+}
+
+func IsRoleGreaterThan(role1, role2 Role) bool {
+	switch role1 {
+	case RoleAdmin:
+		return true
+	case RoleModerator:
+		return role2 != RoleAdmin
+	case RoleStandard:
+		return role2 == RoleStandard
+	}
+	return false
+}