
Commit e8ea54c

committed
fix(auth): use UserRole enum instead of bool
- Replaced `isAnonymous` and `isAdmin` with the `UserRole` enum for clarity
- Updated auth checks accordingly
1 parent 56a4aff commit e8ea54c


7 files changed

+17
-21
lines changed


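--- a/lib/src/services/auth_service.dart
+++ b/lib/src/services/auth_service.dart
@@ -115,8 +115,7 @@ class AuthService {
 user = User(
 id: _uuid.v4(), // Generate new ID
 email: email,
-isAnonymous: false, // Email verified user is not anonymous
-isAdmin: false,
+role: UserRole.standardUser, // Email verified user is standard user
 );
 user = await _userRepository.create(item: user); // Save the new user
 print('Created new user: ${user.id}');
@@ -155,9 +154,8 @@ class AuthService {
 try {
 user = User(
 id: _uuid.v4(), // Generate new ID
-isAnonymous: true,
+role: UserRole.guestUser, // Anonymous users are guest users
 email: null, // Anonymous users don't have an email initially
-isAdmin: false,
 );
 user = await _userRepository.create(item: user);
 print('Created anonymous user: ${user.id}');
@@ -248,7 +246,7 @@ class AuthService {
 required User anonymousUser,
 required String emailToLink,
 }) async {
-if (!anonymousUser.isAnonymous) {
+if (anonymousUser.role != UserRole.guestUser) {
 throw const BadRequestException(
 'Account is already permanent. Cannot link email.',
 );
@@ -310,7 +308,7 @@ class AuthService {
 required String codeFromUser,
 required String oldAnonymousToken, // Needed to invalidate it
 }) async {
-if (!anonymousUser.isAnonymous) {
+if (anonymousUser.role != UserRole.guestUser) {
 // Should ideally not happen if flow is correct, but good safeguard.
 throw const BadRequestException(
 'Account is already permanent. Cannot complete email linking.',
@@ -335,8 +333,7 @@ class AuthService {
 final updatedUser = User(
 id: anonymousUser.id, // Preserve original ID
 email: linkedEmail,
-isAnonymous: false, // Now a permanent user
-isAdmin: false,
+role: UserRole.standardUser, // Now a permanent standard user
 );
 final permanentUser = await _userRepository.update(
 id: updatedUser.id,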
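Review bot: The guest check `anonymousUser.role != UserRole.guestUser` at new line 249 is repeated verbatim at new line 311 and again in routes/api/v1/auth/link-email.dart and routes/api/v1/auth/verify-link-email.dart; a single getter on `User`, `bool get isGuest => role == UserRole.guestUser;`, would keep all four sites in step if roles are added later. It is also worth confirming that `User.role` is a `required` constructor parameter with no default, or that any default is `UserRole.guestUser`, so that omitting the role can never mean more privilege than the old explicit `isAdmin: false` did; the `User` constructor is not visible here. The enclosing methods start and end outside the hunks.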

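--- a/lib/src/services/jwt_auth_token_service.dart
+++ b/lib/src/services/jwt_auth_token_service.dart
@@ -64,7 +64,7 @@ class JwtAuthTokenService implements AuthTokenService {
 
 // Custom claims (optional, include what's useful)
 'email': user.email,
-'isAnonymous': user.isAnonymous,
+'role': user.role, // Include the user's role
 },
 issuer: _issuer,
 subject: user.id,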
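Review bot: `'role': user.role,` at new line 67 places an enum value directly in the claim map, whereas the claim it replaces was a plain bool; unless `UserRole` provides `toJson`, JSON encoding of the claims will reject it, and a `toString()` fallback would emit `UserRole.standardUser` rather than a stable wire value — this is inferred, since the enum and the encoder are not in the hunk. Prefer `'role': user.role.name, // Include the user's role` and have the verifying side parse it back with `UserRole.values.byName(...)` so issuance and verification agree on one representation. Note also that a role embedded in a JWT remains what it was at issue time until the token expires, so any authorization that reads this claim instead of the repository will not see a demotion until re-issue. The enclosing method starts and ends outside the hunk.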

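--- a/routes/api/v1/auth/link-email.dart
+++ b/routes/api/v1/auth/link-email.dart
@@ -22,7 +22,7 @@ Future<Response> onRequest(RequestContext context) async {
 // This should ideally be caught by `authenticationProvider` if route is protected
 throw const UnauthorizedException('Authentication required to link email.');
 }
-if (!authenticatedUser.isAnonymous) {
+if (authenticatedUser.role != UserRole.guestUser) {
 throw const BadRequestException(
 'Account is already permanent. Cannot initiate email linking.',
 );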

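--- a/routes/api/v1/auth/verify-link-email.dart
+++ b/routes/api/v1/auth/verify-link-email.dart
@@ -23,7 +23,7 @@ Future<Response> onRequest(RequestContext context) async {
 'Authentication required to verify email link.',
 );
 }
-if (!authenticatedUser.isAnonymous) {
+if (authenticatedUser.role != UserRole.guestUser) {
 throw const BadRequestException(
 'Account is already permanent. Cannot complete email linking.',
 );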

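--- a/routes/api/v1/data/[id].dart
+++ b/routes/api/v1/data/[id].dart
@@ -82,7 +82,7 @@ Future<Response> _handleGet(
 ) async {
 // Apply access control based on ownership type for GET requests
 if (modelConfig.ownership == ModelOwnership.adminOwned &&
-!authenticatedUser.isAdmin) {
+authenticatedUser.role != UserRole.admin) {
 throw const ForbiddenException(
 'You do not have permission to read this resource.',
 );
@@ -201,13 +201,13 @@ Future<Response> _handlePut(
 // Apply access control based on ownership type for PUT requests
 if ((modelConfig.ownership == ModelOwnership.adminOwned ||
 modelConfig.ownership == ModelOwnership.adminOwnedReadAllowed) &&
-!authenticatedUser.isAdmin) {
+authenticatedUser.role != UserRole.admin) {
 throw const ForbiddenException(
 'Only administrators can update this resource.',
 );
 }
 if (modelConfig.ownership == ModelOwnership.userOwned &&
-!authenticatedUser.isAdmin) {
+authenticatedUser.role != UserRole.admin) {
 // For userOwned, non-admins must be the owner.
 // The repository will enforce this check when userIdForRepoCall is passed.
 }
@@ -351,13 +351,13 @@ Future<Response> _handleDelete(
 // Apply access control based on ownership type for DELETE requests
 if ((modelConfig.ownership == ModelOwnership.adminOwned ||
 modelConfig.ownership == ModelOwnership.adminOwnedReadAllowed) &&
-!authenticatedUser.isAdmin) {
+authenticatedUser.role != UserRole.admin) {
 throw const ForbiddenException(
 'Only administrators can delete this resource.',
 );
 }
 if (modelConfig.ownership == ModelOwnership.userOwned &&
-!authenticatedUser.isAdmin) {
+authenticatedUser.role != UserRole.admin) {
 // For userOwned, non-admins must be the owner.
 // The repository will enforce this check when userIdForRepoCall is passed.
 }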
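Review bot: `authenticatedUser.role != UserRole.admin` is now spelled out five times in this file (new lines 85, 204, 210, 354, 360) and three more in routes/api/v1/data/index.dart; a getter on `User`, `bool get isAdmin => role == UserRole.admin;`, would keep the privilege test in one place and make `!authenticatedUser.isAdmin` read as before. The `!=` form is the right direction — any role added to the enum later lands in the non-admin branch, so the checks fail closed — and a helper should preserve that rather than enumerate non-admin roles. The `userOwned` branches at new lines 210–213 and 360–363 have an empty body and only document that ownership is enforced by the repository; if that is the intent, a comment alone says it and the `if` can go. `_handleGet`, `_handlePut` and `_handleDelete` each start and end outside their hunk.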

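--- a/routes/api/v1/data/index.dart
+++ b/routes/api/v1/data/index.dart
@@ -84,7 +84,7 @@ Future<Response> _handleGet(
 
 // Apply access control based on ownership type for GET requests
 if (modelConfig.ownership == ModelOwnership.adminOwned &&
-!authenticatedUser.isAdmin) {
+authenticatedUser.role != UserRole.admin) {
 throw const ForbiddenException(
 'You do not have permission to read this resource.',
 );
@@ -243,7 +243,7 @@ Future<Response> _handlePost(
 // Apply access control based on ownership type for POST requests
 if ((modelConfig.ownership == ModelOwnership.adminOwned ||
 modelConfig.ownership == ModelOwnership.adminOwnedReadAllowed) &&
-!authenticatedUser.isAdmin) {
+authenticatedUser.role != UserRole.admin) {
 throw const ForbiddenException(
 'Only administrators can create this resource.',
 );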

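--- a/test/src/services/jwt_auth_token_service_test.dart
+++ b/test/src/services/jwt_auth_token_service_test.dart
@@ -21,15 +21,14 @@ void main() {
 const testUser = User(
 id: 'user-jwt-123',
 
-isAnonymous: false,
-isAdmin: false,
+role: UserRole.standardUser,
 );
 const testUuidValue = 'test-uuid-v4';
 
 setUpAll(() {
 // Register fallback values for argument matchers
 registerFallbackValue(
-const User(id: 'fallback', isAnonymous: true, isAdmin: false),
+const User(id: 'fallback', role: UserRole.guestUser),
 );
 // Register fallback for DateTime if needed for blacklist mock
 registerFallbackValue(DateTime(2024));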
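Review bot: The fixture at new line 24 now carries `role: UserRole.standardUser`, but nothing in the hunk asserts what the token's `role` claim looks like after the change in lib/src/services/jwt_auth_token_service.dart, which is where the enum first meets the encoder. A test that generates a token for `testUser`, decodes its claims and checks `claims['role']` against the intended wire form (for example the string `'standardUser'`) would pin that contract and catch an enum being serialized as `UserRole.standardUser` or rejected outright. `main` continues outside the hunk.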
