Put command access checks on the command level

Checking using `settings.Allowed` is odd. Not all commands are related to setting configuration settings. Admin commands are coming in the future, for which this is certainly not the case. We now do access checks early on (during command processing), so command handlers can be clean of access checks. If we're inside of a command handler, the user is privileged to run it.
2022-08-29 10:25:17 +03:00
parent a62dc0df4f
commit a057654962
5 changed files with 146 additions and 103 deletions
--- a/bot/access.go
+++ b/bot/access.go
@@ -0,0 +1,37 @@
+package bot
+
+import (
+	"fmt"
+
+	"maunium.net/go/mautrix/id"
+
+	"gitlab.com/etke.cc/postmoogle/utils"
+)
+
+type accessCheckerFunc func(id.UserID, id.RoomID) (bool, error)
+
+func (b *Bot) allowAnyone(actorID id.UserID, targetRoomID id.RoomID) (bool, error) {
+	return true, nil
+}
+
+func (b *Bot) allowOwner(actorID id.UserID, targetRoomID id.RoomID) (bool, error) {
+	if !utils.Match(actorID.String(), b.allowedUsers) {
+		return false, nil
+	}
+
+	if b.noowner {
+		return true, nil
+	}
+
+	cfg, err := b.getSettings(targetRoomID)
+	if err != nil {
+		return false, fmt.Errorf("failed to retrieve settings: %v", err)
+	}
+
+	owner := cfg.Owner()
+	if owner == "" {
+		return true, nil
+	}
+
+	return owner == actorID.String(), nil
+}