
Commit d777ead

committed
Revert "fix(contrib/auth): add checks to ensure events apply only to current actor in Permissions methods"
This reverts commit 94aa51a.
1 parent 94aa51a commit d777ead


1 file changed

+4
-32
lines changed


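--- a/contrib/auth/permissions.go
+++ b/contrib/auth/permissions.go
@@ -3,7 +3,6 @@ package auth
 import (
 "context"
 "fmt"
-"slices"
 
 "github.com/google/uuid"
 "github.com/modernice/goes/aggregate"
@@ -24,17 +23,15 @@ import (
 //
 // For example, if an actor is a member of an "admin" role, and the following
 // permissions are granted and revoked in the following order:
-// 1. Actor is granted "view" permission on a "foo" aggregate.
-// 2. Role is granted "view" permission on the same "foo" aggregate.
-// 3. Role is revoked "view" permission on the aggregate.
-//
+// 1. Actor is granted "view" permission on a "foo" aggregate.
+// 2. Role is granted "view" permission on the same "foo" aggregate.
+// 3. Role is revoked "view" permission on the aggregate.
 // Then the actor is still allowed to perform the "view" action on the aggregate.
 //
 // Another example:
-// 1. Role is granted "view" permission on a "foo" aggregate.
+// 1. Role is granted "view" permission on a "foo" aggregate.
 // 2. Actor is granted "view" permission on the same aggregate.
 // 2. Actor is revoked "view" permission on the aggregate.
-//
 // Then the actor is also allowed to perform the "view" action on the aggregate
 // because the role still grants the permission its members.
 type Permissions struct {
@@ -57,7 +54,6 @@ type PermissionsDTO struct {
 // The returned projection has an empty state. A *Projector can be used to
 // continuously project the permission read-models for all actors. Use a
 // PermissionRepository to fetch the projected permissions of an actor:
-//
 // var repo auth.PermissionRepository
 // var actorID uuid.UUID
 // perms, err := repo.Fetch(context.TODO(), actorID)
@@ -129,51 +125,27 @@ func (perms PermissionsDTO) Equal(other PermissionsDTO) bool {
 func (perms *Permissions) granted(evt event.Of[PermissionGrantedData]) {
 switch pick.AggregateName(evt) {
 case ActorAggregate:
-if perms.ActorID != pick.AggregateID(evt) {
-return
-}
-
 perms.OfActor.granted(evt)
 case RoleAggregate:
-if !slices.Contains(perms.Roles, pick.AggregateID(evt)) {
-return
-}
-
 perms.OfRoles.granted(evt)
 }
 }
 
 func (perms *Permissions) revoked(evt event.Of[PermissionRevokedData]) {
 switch pick.AggregateName(evt) {
 case ActorAggregate:
-if perms.ActorID != pick.AggregateID(evt) {
-return
-}
-
 perms.OfActor.revoked(evt)
 case RoleAggregate:
-if !slices.Contains(perms.Roles, pick.AggregateID(evt)) {
-return
-}
-
 perms.OfRoles.revoked(evt)
 }
 }
 
 func (perms *Permissions) roleGiven(evt event.Of[[]uuid.UUID]) {
-if perms.ActorID != pick.AggregateID(evt) {
-return
-}
-
 perms.Roles = append(perms.Roles, pick.AggregateID(evt))
 perms.rolesHaveChanged = true
 }
 
 func (perms *Permissions) roleRemoved(evt event.Of[[]uuid.UUID]) {
-if perms.ActorID != pick.AggregateID(evt) {
-return
-}
-
 roleID := pick.AggregateID(evt)
 for i, role := range perms.Roles {
 if roleID == role {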
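Review bot: After this revert, `granted` and `revoked` apply every ActorAggregate and RoleAggregate event to the projection without comparing `pick.AggregateID(evt)` to `perms.ActorID` or `perms.Roles`, so the correctness of an actor's permission read-model depends entirely on the caller passing only that actor's events, which is not visible in this hunk. If that filtering is not guaranteed upstream, permissions granted to another actor, or to a role this actor does not hold, would be counted for this actor. The guards removed from `granted`/`revoked` look sound and could stay (`if perms.ActorID != pick.AggregateID(evt) { return }`), whereas the one removed from `roleGiven`/`roleRemoved` compared the actor ID with the value that `append(perms.Roles, pick.AggregateID(evt))` treats as a role ID, so it presumably never matched; a membership test on the event data, e.g. `if !slices.Contains(evt.Data(), perms.ActorID) { return }` (which needs the `slices` import this commit drops), seems to be the intended check, assuming the data lists the affected actors. If the checks stay out, a comment on `granted` such as `// Callers must pass only events of perms.ActorID and of roles it is a member of.` would document the precondition, and the revert message should say why they were removed. `roleRemoved` continues past the end of the hunk.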
