Merge pull request #27 from coldbox-modules/hasPermission-GP

lmajano · web-flow · commit a4494f901371 · 2021-01-18T16:29:38.000-06:00
Simplifying the hasPermission interface by always handling the array …
diff --git a/.gitignore b/.gitignore
@@ -11,4 +11,6 @@ test-harness/logs/**
 test-harness/modules/**
 
 # log files
-logs/**
+logs/**
+
+modules/**
diff --git a/interceptors/Security.cfc b/interceptors/Security.cfc
@@ -556,13 +556,9 @@ component accessors="true" extends="coldbox.system.Interceptor" {
 	 * @return { allow:boolean, type:string(authentication|authorization)}
 	 */
 	private struct function verifySecuredAnnotation( required securedValue, required event ){
-		// If no value, then default it to true
-		if ( !len( arguments.securedValue ) ) {
-			arguments.securedValue = true;
-		}
 
 		// Are we securing?
-		if ( isBoolean( arguments.securedValue ) && !arguments.securedValue ) {
+		if ( len( arguments.securedValue ) && isBoolean( arguments.securedValue ) && !arguments.securedValue ) {
 			return {
 				"allow" : true,
 				"type"  : "authentication"
diff --git a/interfaces/IAuthUser.cfc b/interfaces/IAuthUser.cfc
@@ -12,9 +12,9 @@ interface{
     function getId();
 
     /**
-     * Verify if the user has one or more of the passed in permissions
+     * Verify if the user has the permission passed in
      *
-     * @permission One or a list of permissions to check for access
+     * @permission A single permission to check for access
      *
      */
     boolean function hasPermission( required permission );
diff --git a/interfaces/ISecurityValidator.cfc b/interfaces/ISecurityValidator.cfc
@@ -10,9 +10,10 @@ interface{
 	 * This function is called once an incoming event matches a security rule.
 	 * You will receive the security rule that matched and an instance of the ColdBox controller.
 	 *
-	 * You must return a struct with two keys:
+	 * You must return a struct with three keys:
 	 * - allow:boolean True, user can continue access, false, invalid access actions will ensue
 	 * - type:string(authentication|authorization) The type of block that ocurred.  Either an authentication or an authorization issue.
+	 * - messages:string Info/debug messages
 	 *
 	 * @return { allow:boolean, type:string(authentication|authorization), messages:string }
 	 */
@@ -22,9 +23,10 @@ interface{
 	 * This function is called once access to a handler/action is detected.
 	 * You will receive the secured annotation value and an instance of the ColdBox Controller
 	 *
-	 * You must return a struct with two keys:
+	 * You must return a struct with three keys:
 	 * - allow:boolean True, user can continue access, false, invalid access actions will ensue
 	 * - type:string(authentication|authorization) The type of block that ocurred.  Either an authentication or an authorization issue.
+	 * - messages:string Info/debug messages
 	 *
 	 * @return { allow:boolean, type:string(authentication|authorization), messages:string }
 	 */
diff --git a/models/jwt/JwtService.cfc b/models/jwt/JwtService.cfc
@@ -759,10 +759,7 @@ component accessors="true" singleton {
 				results.allow = (
 					tokenHasScopes( arguments.permissions, payload.scope )
 					||
-					variables.cbSecurity
-						.getAuthService()
-						.getUser()
-						.hasPermission( arguments.permissions )
+					variables.cbSecurity.has( arguments.permissions )
 				);
 				results.type = "authorization";
 			} else {
diff --git a/models/validators/CBAuthValidator.cfc b/models/validators/CBAuthValidator.cfc
@@ -15,12 +15,12 @@ component singleton {
 	 * You will receive the security rule that matched and an instance of the
 	 * ColdBox controller.
 	 *
-	 * You must return a struct with two keys:
+	 * You must return a struct with three keys:
 	 * - allow:boolean True, user can continue access, false, invalid access actions will ensue
 	 * - type:string(authentication|authorization) The type of block that ocurred.  Either an authentication or an authorization issue.
 	 * - messages:string Info/debug messages
 	 *
-	 * @return { allow:boolean, type:authentication|authorization, messages:string }
+	 * @return { allow:boolean, type:string(authentication|authorization), messages:string }
 	 */
 	struct function ruleValidator( required rule, required controller ){
 		return validateSecurity( arguments.rule.permissions );
@@ -30,12 +30,12 @@ component singleton {
 	 * This function is called once access to a handler/action is detected.
 	 * You will receive the secured annotation value and an instance of the ColdBox Controller
 	 *
-	 * You must return a struct with two keys:
+	 * You must return a struct with three keys:
 	 * - allow:boolean True, user can continue access, false, invalid access actions will ensue
 	 * - type:string(authentication|authorization) The type of block that ocurred.  Either an authentication or an authorization issue.
 	 * - messages:string Info/debug messages
 	 *
-	 * @return { allow:boolean, type:authentication|authorization, messages:string }
+	 * @return { allow:boolean, type:string(authentication|authorization), messages:string }
 	 */
 	struct function annotationValidator( required securedValue, required controller ){
 		return validateSecurity( arguments.securedValue );
@@ -57,7 +57,7 @@ component singleton {
 		if ( variables.cbSecurity.getAuthService().isLoggedIn() ) {
 			// Do we have any permissions?
 			if ( listLen( arguments.permissions ) ) {
-				results.allow = variables.cbSecurity.getAuthService().getUser().hasPermission( arguments.permissions );
+				results.allow = variables.cbSecurity.has( arguments.permissions );
 				results.type  = "authorization";
 			} else {
 				// We are satisfied!
diff --git a/models/validators/CFValidator.cfc b/models/validators/CFValidator.cfc
@@ -12,12 +12,12 @@ component singleton {
 	 * You will receive the security rule that matched and an instance of the
 	 * ColdBox controller.
 	 *
-	 * You must return a struct with two keys:
+	 * You must return a struct with three keys:
 	 * - allow:boolean True, user can continue access, false, invalid access actions will ensue
 	 * - type:string(authentication|authorization) The type of block that ocurred.  Either an authentication or an authorization issue.
 	 * - messages:string Info/debug messages
 	 *
-	 * @return { allow:boolean, type:authentication|authorization, messages:string }
+	 * @return { allow:boolean, type:string(authentication|authorization), messages:string }
 	 */
 	struct function ruleValidator( required rule, required controller ){
 		return validateSecurity( arguments.rule.roles );
@@ -27,12 +27,12 @@ component singleton {
 	 * This function is called once access to a handler/action is detected.
 	 * You will receive the secured annotation value and an instance of the ColdBox Controller
 	 *
-	 * You must return a struct with two keys:
+	 * You must return a struct with three keys:
 	 * - allow:boolean True, user can continue access, false, invalid access actions will ensue
 	 * - type:string(authentication|authorization) The type of block that ocurred.  Either an authentication or an authorization issue.
 	 * - messages:string Info/debug messages
 	 *
-	 * @return { allow:boolean, type:authentication|authorization, messages:string }
+	 * @return { allow:boolean, type:string(authentication|authorization), messages:string }
 	 */
 	struct function annotationValidator( required securedValue, required controller ){
 		return validateSecurity( arguments.securedValue );

Original file line number	Diff line number	Diff line change
`@@ -12,9 +12,9 @@ interface{`
`12`	`12`	`function getId();`
`13`	`13`
`14`	`14`	`/**`
`15`		`- * Verify if the user has one or more of the passed in permissions`
	`15`	`+ * Verify if the user has the permission passed in`
`16`	`16`	`*`
`17`		`- * @permission One or a list of permissions to check for access`
	`17`	`+ * @permission A single permission to check for access`
`18`	`18`	`*`
`19`	`19`	`*/`
`20`	`20`	`boolean function hasPermission( required permission );`
Original file line number	Diff line number	Diff line change
`@@ -10,9 +10,10 @@ interface{`
`10`	`10`	`* This function is called once an incoming event matches a security rule.`
`11`	`11`	`* You will receive the security rule that matched and an instance of the ColdBox controller.`
`12`	`12`	`*`
`13`		`- * You must return a struct with two keys:`
	`13`	`+ * You must return a struct with three keys:`
`14`	`14`	`* - allow:boolean True, user can continue access, false, invalid access actions will ensue`
`15`	`15`	`* - type:string(authentication\|authorization) The type of block that ocurred. Either an authentication or an authorization issue.`
	`16`	`+ * - messages:string Info/debug messages`
`16`	`17`	`*`
`17`	`18`	`* @return { allow:boolean, type:string(authentication\|authorization), messages:string }`
`18`	`19`	`*/`
`@@ -22,9 +23,10 @@ interface{`
`22`	`23`	`* This function is called once access to a handler/action is detected.`
`23`	`24`	`* You will receive the secured annotation value and an instance of the ColdBox Controller`
`24`	`25`	`*`
`25`		`- * You must return a struct with two keys:`
	`26`	`+ * You must return a struct with three keys:`
`26`	`27`	`* - allow:boolean True, user can continue access, false, invalid access actions will ensue`
`27`	`28`	`* - type:string(authentication\|authorization) The type of block that ocurred. Either an authentication or an authorization issue.`
	`29`	`+ * - messages:string Info/debug messages`
`28`	`30`	`*`
`29`	`31`	`* @return { allow:boolean, type:string(authentication\|authorization), messages:string }`
`30`	`32`	`*/`