Add authentication.

2025-11-06 13:35:50 +01:00 · 2013-06-05 02:46:16 +09:00
parent 0bb46ba756
commit 4d5ce740c4
5 changed files with 112 additions and 103 deletions
--- a/src/main/scala/util/Authenticator.scala
+++ b/src/main/scala/util/Authenticator.scala
@@ -8,7 +8,10 @@ import service._
 */
 trait OwnerOnlyAuthenticator { self: ControllerBase =>

-  protected def ownerOnly(action: => Any) = {
+  protected def ownerOnly(action: => Any) = { authenticate(action) }
+  protected def ownerOnly[T](action: T => Any) = (form: T) => authenticate({action(form)})
+
+  private def authenticate(action: => Any) = {
    {
      context.loginAccount match {
        case Some(x) if(x.userType == AccountService.Administrator) => action
@@ -17,16 +20,6 @@ trait OwnerOnlyAuthenticator { self: ControllerBase =>
      }
    }
  }
-
-  protected def ownerOnly[T](action: T => Any) = {
-    (form: T) => {
-      context.loginAccount match {
-        case Some(x) if(x.userType == AccountService.Administrator) => action(form)
-        case Some(x) if(request.getRequestURI.split("/")(1) == x.userName) => action(form)
-        case _ => redirect("/signin")
-      }
-    }
-  }
 }

 /**
@@ -34,7 +27,10 @@ trait OwnerOnlyAuthenticator { self: ControllerBase =>
 */
 trait UsersOnlyAuthenticator { self: ControllerBase =>

-  protected def usersOnly(action: => Any) = {
+  protected def usersOnly(action: => Any) = { authenticate(action) }
+  protected def usersOnly[T](action: T => Any) = (form: T) => authenticate({action(form)})
+
+  private def authenticate(action: => Any) = {
    {
      context.loginAccount match {
        case Some(x) => action
@@ -42,12 +38,21 @@ trait UsersOnlyAuthenticator { self: ControllerBase =>
      }
    }
  }
+}

-  protected def usersOnly[T](action: T => Any) = {
-    (form: T) => {
+/**
+ * Allows only administrators.
+ */
+trait AdminOnlyAuthenticator { self: ControllerBase =>
+
+  protected def adminOnly(action: => Any) = { authenticate(action) }
+  protected def adminOnly[T](action: T => Any) = (form: T) => authenticate({action(form)})
+
+  private def authenticate(action: => Any) = {
+    {
      context.loginAccount match {
-        case Some(x) => action(form)
-        case None    => redirect("/signin")
+        case Some(x) if(x.userType == AccountService.Administrator) => action
+        case _ => redirect("/signin")
      }
    }
  }
@@ -56,41 +61,44 @@ trait UsersOnlyAuthenticator { self: ControllerBase =>
 /**
 * Allows only collaborators and administrators.
 */
-trait CollaboratorsOnlyAuthenticator { self: ControllerBase with RepositoryService =>
+trait WritableRepositoryAuthenticator { self: ControllerBase with RepositoryService =>

-  protected def collaboratorsOnly(action: => Any) = {
-    {
+  protected def writableRepository(action: => Any) = { authenticate(action) }
+  protected def writableRepository[T](action: T => Any) = (form: T) => authenticate({action(form)})
+
+  private def authenticate(action: => Any) = {
+      val paths = request.getRequestURI.split("/")
      context.loginAccount match {
        case Some(x) if(x.userType == AccountService.Administrator) => action
-        case Some(x) if(request.getRequestURI.split("/")(1) == x.userName) => action
-        case Some(x) => {
-          val paths = request.getRequestURI.split("/")
-          if(getCollaborators(paths(1), paths(2)).contains(x.userName)){
-            action
-          } else {
-            redirect("/signin")
-          }
-        }
-        case None => redirect("/signin")
+        case Some(x) if(paths(1) == x.userName) => action
+        case Some(x) if(getCollaborators(paths(1), paths(2)).contains(x.userName)) => action
+        case _ => redirect("/signin")
      }
-    }
  }
+}

-  protected def collaboratorsOnly[T](action: T => Any) = {
-    (form: T) => {
-      context.loginAccount match {
-        case Some(x) if(x.userType == AccountService.Administrator) => action(form)
-        case Some(x) if(request.getRequestURI.split("/")(1) == x.userName) => action(form)
-        case Some(x) => {
-          val paths = request.getRequestURI.split("/")
-          if(getCollaborators(paths(1), paths(2)).contains(x.userName)){
-            action(form)
-          } else {
-            redirect("/signin")
-          }
+/**
+ * Allows only the repository owner and administrators.
+ */
+trait ReadableRepositoryAuthenticator { self: ControllerBase with RepositoryService =>
+
+  protected def readableRepository(action: => Any) = { authenticate(action) }
+  protected def readableRepository[T](action: T => Any) = (form: T) => authenticate({action(form)})
+
+  private def authenticate(action: => Any) = {
+    {
+      val paths = request.getRequestURI.split("/")
+      val repository = getRepository(paths(1), paths(2), servletContext)
+      if(repository.get.repository.repositoryType == RepositoryService.Public){
+        action
+      } else {
+        context.loginAccount match {
+          case Some(x) if(x.userType == AccountService.Administrator) => action
+          case Some(x) if(paths(1) == x.userName) => action
+          case Some(x) if(getCollaborators(paths(1), paths(2)).contains(x.userName)) => action
+          case _ => redirect("/")
        }
-        case None => redirect("/signin")
      }
    }
  }
-}
+}