// GoToSocial // Copyright (C) GoToSocial Authors admin@gotosocial.org // SPDX-License-Identifier: AGPL-3.0-or-later // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU Affero General Public License for more details. // // You should have received a copy of the GNU Affero General Public License // along with this program. If not, see . package util import ( "strings" ) type Scope string const ( /* Sub-scopes / scope components */ scopeAccounts = "accounts" scopeBlocks = "blocks" scopeBookmarks = "bookmarks" scopeConversations = "conversations" scopeDomainAllows = "domain_allows" scopeDomainBlocks = "domain_blocks" scopeFavourites = "favourites" scopeFilters = "filters" scopeFollows = "follows" scopeLists = "lists" scopeMedia = "media" scopeMutes = "mutes" scopeNotifications = "notifications" scopeReports = "reports" scopeSearch = "search" scopeStatuses = "statuses" /* Top-level scopes */ ScopeProfile Scope = "profile" ScopePush Scope = "push" ScopeRead Scope = "read" ScopeWrite Scope = "write" ScopeAdmin Scope = "admin" ScopeAdminRead Scope = ScopeAdmin + ":" + ScopeRead ScopeAdminWrite Scope = ScopeAdmin + ":" + ScopeWrite /* Granular scopes */ ScopeReadAccounts Scope = ScopeRead + ":" + scopeAccounts ScopeWriteAccounts Scope = ScopeWrite + ":" + scopeAccounts ScopeReadBlocks Scope = ScopeRead + ":" + scopeBlocks ScopeWriteBlocks Scope = ScopeWrite + ":" + scopeBlocks ScopeReadBookmarks Scope = ScopeRead + ":" + scopeBookmarks ScopeWriteBookmarks Scope = ScopeWrite + ":" + scopeBookmarks ScopeWriteConversations Scope = ScopeWrite + ":" + scopeConversations ScopeReadFavourites Scope = ScopeRead + ":" + scopeFavourites ScopeWriteFavourites Scope = ScopeWrite + ":" + scopeFavourites ScopeReadFilters Scope = ScopeRead + ":" + scopeFilters ScopeWriteFilters Scope = ScopeWrite + ":" + scopeFilters ScopeReadFollows Scope = ScopeRead + ":" + scopeFollows ScopeWriteFollows Scope = ScopeWrite + ":" + scopeFollows ScopeReadLists Scope = ScopeRead + ":" + scopeLists ScopeWriteLists Scope = ScopeWrite + ":" + scopeLists ScopeWriteMedia Scope = ScopeWrite + ":" + scopeMedia ScopeReadMutes Scope = ScopeRead + ":" + scopeMutes ScopeWriteMutes Scope = ScopeWrite + ":" + scopeMutes ScopeReadNotifications Scope = ScopeRead + ":" + scopeNotifications ScopeWriteNotifications Scope = ScopeWrite + ":" + scopeNotifications ScopeWriteReports Scope = ScopeWrite + ":" + scopeReports ScopeReadSearch Scope = ScopeRead + ":" + scopeSearch ScopeReadStatuses Scope = ScopeRead + ":" + scopeStatuses ScopeWriteStatuses Scope = ScopeWrite + ":" + scopeStatuses ScopeAdminReadAccounts Scope = ScopeAdminRead + ":" + scopeAccounts ScopeAdminWriteAccounts Scope = ScopeAdminWrite + ":" + scopeAccounts ScopeAdminReadReports Scope = ScopeAdminRead + ":" + scopeReports ScopeAdminWriteReports Scope = ScopeAdminWrite + ":" + scopeReports ScopeAdminReadDomainAllows Scope = ScopeAdminRead + ":" + scopeDomainAllows ScopeAdminWriteDomainAllows Scope = ScopeAdminWrite + ":" + scopeDomainAllows ScopeAdminReadDomainBlocks Scope = ScopeAdminRead + ":" + scopeDomainBlocks ScopeAdminWriteDomainBlocks Scope = ScopeAdminWrite + ":" + scopeDomainBlocks ) // Permits returns true if the // scope permits the wanted scope. func (has Scope) Permits(wanted Scope) bool { if has == wanted { // Exact match on either a // top-level or granular scope. return true } // Ensure we have a // known top-level scope. switch has { case ScopeProfile, ScopePush, ScopeRead, ScopeWrite, ScopeAdmin, ScopeAdminRead, ScopeAdminWrite: // Check if top-level includes wanted, // eg., have "admin", want "admin:read". return strings.HasPrefix(string(wanted), string(has)+":") default: // Unknown top-level scope, // can't permit anything. return false } }