Merge pull request #43 from nodes-vapor/develop

Casperhr · web-flow · commit 9f30b66e0325 · 2017-03-09T20:15:07.000+01:00
Gate allow leaf tag
diff --git a/Sources/AdminPanel/Resources/Views/Layout/Partials/Navigation/navigation.leaf b/Sources/AdminPanel/Resources/Views/Layout/Partials/Navigation/navigation.leaf
@@ -8,6 +8,14 @@
             Dashboard
         </a>
     </li>
+    
+    #allow(request, "super-admin") {
+    <li class="list-group-heading">
+        Super admin
+    </li>
+    }
+    
+    #allow(request, "admin") {
     <li class="list-group-heading">
         Admin
     </li>
@@ -23,4 +31,5 @@
             Roles
         </a>
     </li>
+    }
 </ul>
diff --git a/Sources/AdminPanel/Support/Gate.swift b/Sources/AdminPanel/Support/Gate.swift
@@ -2,15 +2,15 @@ import Vapor
 
 class Gate {
     
-    public let error = Abort.custom(status: .forbidden, message: "User does not have access to this page")
+    public static let error = Abort.custom(status: .forbidden, message: "User does not have access to this page")
     
     /// Check if a backend_users.role is allowed to access
     ///
     /// - Parameters:
     ///   - backendUserRole: role from config
     ///   - role: role from config
     /// - Returns: bool
-    public func allow(_ backendUserRole: String, _ role: String) -> Bool {
+    public static func allow(_ backendUserRole: String, _ role: String) -> Bool {
         guard let roles = Configuration.shared?.roles else {
             print("AdminPanel.Gate missing configuration")
             return false
@@ -53,27 +53,27 @@ class Gate {
         return false
     }
     
-    public func disallow(_ backendUserRole: String, _ role: String) -> Bool {
-        return !allow(backendUserRole, role)
+    public static func disallow(_ backendUserRole: String, _ role: String) -> Bool {
+        return !self.allow(backendUserRole, role)
     }
     
-    public func allowOrFail(_ backendUserRole: String, _ role: String) throws {
-        if disallow(backendUserRole, role) {
-            throw error
+    public static func allowOrFail(_ backendUserRole: String, _ role: String) throws {
+        if self.disallow(backendUserRole, role) {
+            throw self.error
         }
     }
     
-    public func allow(_ backendUser: BackendUser, _ role: String) -> Bool {
-        return allow(backendUser.role, role)
+    public static func allow(_ backendUser: BackendUser?, _ role: String) -> Bool {
+        return self.allow(backendUser?.role ?? "", role)
     }
     
-    public func disallow(_ backendUser: BackendUser, _ role: String) -> Bool {
-        return !allow(backendUser.role, role)
+    public static func disallow(_ backendUser: BackendUser?, _ role: String) -> Bool {
+        return !self.allow(backendUser?.role ?? "", role)
     }
     
-    public func allowOrFail(_ backendUser: BackendUser, _ role: String) throws {
-        if disallow(backendUser, role) {
-            throw error
+    public static func allowOrFail(_ backendUser: BackendUser?, _ role: String) throws {
+        if self.disallow(backendUser, role) {
+            throw self.error
         }
     }
 }
diff --git a/Sources/AdminPanel/Support/LeafTags/Allow.swift b/Sources/AdminPanel/Support/LeafTags/Allow.swift
@@ -0,0 +1,31 @@
+import Leaf
+
+public final class Allow: Tag {
+    public let name = "allow"
+    
+    public enum Error: Swift.Error {
+        case expetedTwoArguments(have: [Argument])
+    }
+    
+    public func run(
+        stem: Stem,
+        context: Context,
+        tagTemplate: TagTemplate,
+        arguments: [Argument]) throws -> Node? {
+        guard arguments.count == 2 else { throw Error.expetedTwoArguments(have: arguments) }
+        return nil
+    }
+    
+    public func shouldRender(
+        stem: Stem,
+        context: Context,
+        tagTemplate: TagTemplate,
+        arguments: [Argument],
+        value: Node?) -> Bool {
+        guard let request = arguments.first?.value else { return false }
+        guard let backendUserRole = request["storage", "authedBackendUser", "role"]?.string else { return false }
+        guard let role = arguments[1].value?.string else { return false }
+        
+        return Gate.allow(backendUserRole, role)
+    }
+}
diff --git a/Sources/AdminPanel/Support/Provider.swift b/Sources/AdminPanel/Support/Provider.swift
@@ -14,15 +14,16 @@ public final class Provider: Vapor.Provider {
         
         if let leaf = droplet.view as? LeafRenderer {
             // AdminPanel
-            leaf.stem.register(Active());
-            leaf.stem.register(FormOpen());
-            leaf.stem.register(FormClose());
-            leaf.stem.register(FormTextGroup());
-            leaf.stem.register(FormEmailGroup());
-            leaf.stem.register(FormPasswordGroup());
-            leaf.stem.register(FormNumberGroup());
-            leaf.stem.register(FormCheckboxGroup());
-            leaf.stem.register(FormSelectGroup());
+            leaf.stem.register(Active())
+            leaf.stem.register(FormOpen())
+            leaf.stem.register(FormClose())
+            leaf.stem.register(FormTextGroup())
+            leaf.stem.register(FormEmailGroup())
+            leaf.stem.register(FormPasswordGroup())
+            leaf.stem.register(FormNumberGroup())
+            leaf.stem.register(FormCheckboxGroup())
+            leaf.stem.register(FormSelectGroup())
+            leaf.stem.register(Allow())
             
             //Paginator
             leaf.stem.register(PaginatorTag())

Original file line number	Diff line number	Diff line change
`@@ -2,15 +2,15 @@ import Vapor`
`2`	`2`
`3`	`3`	`class Gate {`
`4`	`4`
`5`		`- public let error = Abort.custom(status: .forbidden, message: "User does not have access to this page")`
	`5`	`+ public static let error = Abort.custom(status: .forbidden, message: "User does not have access to this page")`
`6`	`6`
`7`	`7`	`/// Check if a backend_users.role is allowed to access`
`8`	`8`	`///`
`9`	`9`	`/// - Parameters:`
`10`	`10`	`/// - backendUserRole: role from config`
`11`	`11`	`/// - role: role from config`
`12`	`12`	`/// - Returns: bool`
`13`		`- public func allow(_ backendUserRole: String, _ role: String) -> Bool {`
	`13`	`+ public static func allow(_ backendUserRole: String, _ role: String) -> Bool {`
`14`	`14`	`guard let roles = Configuration.shared?.roles else {`
`15`	`15`	`print("AdminPanel.Gate missing configuration")`
`16`	`16`	`return false`
`@@ -53,27 +53,27 @@ class Gate {`
`53`	`53`	`return false`
`54`	`54`	`}`
`55`	`55`
`56`		`- public func disallow(_ backendUserRole: String, _ role: String) -> Bool {`
`57`		`- return !allow(backendUserRole, role)`
	`56`	`+ public static func disallow(_ backendUserRole: String, _ role: String) -> Bool {`
	`57`	`+ return !self.allow(backendUserRole, role)`
`58`	`58`	`}`
`59`	`59`
`60`		`- public func allowOrFail(_ backendUserRole: String, _ role: String) throws {`
`61`		`- if disallow(backendUserRole, role) {`
`62`		`- throw error`
	`60`	`+ public static func allowOrFail(_ backendUserRole: String, _ role: String) throws {`
	`61`	`+ if self.disallow(backendUserRole, role) {`
	`62`	`+ throw self.error`
`63`	`63`	`}`
`64`	`64`	`}`
`65`	`65`
`66`		`- public func allow(_ backendUser: BackendUser, _ role: String) -> Bool {`
`67`		`- return allow(backendUser.role, role)`
	`66`	`+ public static func allow(_ backendUser: BackendUser?, _ role: String) -> Bool {`
	`67`	`+ return self.allow(backendUser?.role ?? "", role)`
`68`	`68`	`}`
`69`	`69`
`70`		`- public func disallow(_ backendUser: BackendUser, _ role: String) -> Bool {`
`71`		`- return !allow(backendUser.role, role)`
	`70`	`+ public static func disallow(_ backendUser: BackendUser?, _ role: String) -> Bool {`
	`71`	`+ return !self.allow(backendUser?.role ?? "", role)`
`72`	`72`	`}`
`73`	`73`
`74`		`- public func allowOrFail(_ backendUser: BackendUser, _ role: String) throws {`
`75`		`- if disallow(backendUser, role) {`
`76`		`- throw error`
	`74`	`+ public static func allowOrFail(_ backendUser: BackendUser?, _ role: String) throws {`
	`75`	`+ if self.disallow(backendUser, role) {`
	`76`	`+ throw self.error`
`77`	`77`	`}`
`78`	`78`	`}`
`79`	`79`	`}`