chore(auth): AuthTagLDAP -> AuthTagExternal, AuthTagPWHash -> AuthTagInternal
This commit is contained in:
parent
54f2430b3e
commit
938423b832
@ -72,8 +72,8 @@ UnauthorizedTutorialTutorControl: Ausbilder:innen dürfen diesen Kurs nicht edit
|
|||||||
UnauthorizedCourseTutor: Sie sind nicht Ausbilder:in für diese Kursart.
|
UnauthorizedCourseTutor: Sie sind nicht Ausbilder:in für diese Kursart.
|
||||||
UnauthorizedTutor: Sie sind nicht Ausbilder:in.
|
UnauthorizedTutor: Sie sind nicht Ausbilder:in.
|
||||||
UnauthorizedTutorialRegisterGroup: Sie sind bereits in einem Kurs mit derselben Registrierungs-Gruppe eingetragen.
|
UnauthorizedTutorialRegisterGroup: Sie sind bereits in einem Kurs mit derselben Registrierungs-Gruppe eingetragen.
|
||||||
UnauthorizedLDAP: Angegebener Nutzer/Angegebene Nutzerin meldet sich nicht mit Fraport Login an.
|
UnauthorizedExternal: Angegebene:r Benuzter:in meldet sich nicht über einen aktuell unterstützten externen Login an.
|
||||||
UnauthorizedPWHash: Angegebener Nutzer/Angegebene Nutzerin meldet sich nicht mit FRADrive-Kennung an.
|
UnauthorizedInternal: Angegebene:r Benutzer:in meldet sich nicht mit FRADrive-Kennung an.
|
||||||
UnauthorizedExternalExamListNotEmpty: Liste von externen Prüfungen ist nicht leer
|
UnauthorizedExternalExamListNotEmpty: Liste von externen Prüfungen ist nicht leer
|
||||||
UnauthorizedExternalExamLecturer: Sie sind nicht als Prüfer:in für diese externe Prüfung eingetragen
|
UnauthorizedExternalExamLecturer: Sie sind nicht als Prüfer:in für diese externe Prüfung eingetragen
|
||||||
UnauthorizedSubmissionSubmissionGroup: Sie sind nicht Mitglied in einer der registrierten Abgabegruppen, die an dieser Abgabe beteiligt sind
|
UnauthorizedSubmissionSubmissionGroup: Sie sind nicht Mitglied in einer der registrierten Abgabegruppen, die an dieser Abgabe beteiligt sind
|
||||||
|
|||||||
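Review bot: The new `UnauthorizedExternal` text misspells the noun: `Benuzter:in` should read `Benutzer:in`, matching the spelling used in the `UnauthorizedInternal` line directly below it. This string is rendered to end users, so the typo is visible in the UI rather than only in the catalog.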
@ -72,8 +72,8 @@ UnauthorizedTutorialTutorControl: Instructors may not edit this course.
|
|||||||
UnauthorizedCourseTutor: You are no instructor for this course.
|
UnauthorizedCourseTutor: You are no instructor for this course.
|
||||||
UnauthorizedTutor: You are no instructor.
|
UnauthorizedTutor: You are no instructor.
|
||||||
UnauthorizedTutorialRegisterGroup: You are already registered for a course with the same registration group.
|
UnauthorizedTutorialRegisterGroup: You are already registered for a course with the same registration group.
|
||||||
UnauthorizedLDAP: Specified user does not log in with their Fraport password.
|
UnauthorizedExternal: Specified user does not log in with any currently supported external login.
|
||||||
UnauthorizedPWHash: Specified user does not log in with an FRADrive-account.
|
UnauthorizedInternal: Specified user does not log in with a FRADrive-account.
|
||||||
UnauthorizedExternalExamListNotEmpty: List of external exams is not empty
|
UnauthorizedExternalExamListNotEmpty: List of external exams is not empty
|
||||||
UnauthorizedExternalExamLecturer: You are not an associated person for this external exam
|
UnauthorizedExternalExamLecturer: You are not an associated person for this external exam
|
||||||
UnauthorizedSubmissionSubmissionGroup: You are not member in any of the submission groups for this submission
|
UnauthorizedSubmissionSubmissionGroup: You are not member in any of the submission groups for this submission
|
||||||
|
|||||||
@ -1,4 +1,4 @@
|
|||||||
# SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>,Steffen Jost <jost@tcs.ifi.lmu.de>,Winnie Ros <winnie.ros@campus.lmu.de>
|
# SPDX-FileCopyrightText: 2022-2024 Sarah Vaupel <sarah.vaupel@uniworx.de>, Gregor Kleen <gregor.kleen@ifi.lmu.de>, Steffen Jost <jost@tcs.ifi.lmu.de>, Winnie Ros <winnie.ros@campus.lmu.de>
|
||||||
#
|
#
|
||||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
|
|
||||||
@ -45,8 +45,8 @@ AuthTagUserSubmissions: Abgaben erfolgen durch Kursartteilnehmer:innen
|
|||||||
AuthTagCorrectorSubmissions: Abgaben erfolgen durch Korrektor:innen
|
AuthTagCorrectorSubmissions: Abgaben erfolgen durch Korrektor:innen
|
||||||
AuthTagCorrectionAnonymous: Korrektur ist anonymisiert
|
AuthTagCorrectionAnonymous: Korrektur ist anonymisiert
|
||||||
AuthTagSelf: Nutzer:in greift nur auf eigene Daten zu
|
AuthTagSelf: Nutzer:in greift nur auf eigene Daten zu
|
||||||
AuthTagIsLDAP: Nutzer:in meldet sich mit Fraport AG Kennung an
|
AuthTagIsExternal: Nutzer:in meldet sich mit extern verwalteten Logindaten an
|
||||||
AuthTagIsPWHash: Nutzer:in meldet sich mit FRADrive spezifischer Kennung an
|
AuthTagIsInternal: Nutzer:in meldet sich mit FRADrive-internen Logindaten an
|
||||||
AuthTagAuthentication: Nutzer:in ist angemeldet, falls erforderlich
|
AuthTagAuthentication: Nutzer:in ist angemeldet, falls erforderlich
|
||||||
AuthTagRead: Zugriff ist nur lesend
|
AuthTagRead: Zugriff ist nur lesend
|
||||||
AuthTagWrite: Zugriff ist i.A. schreibend
|
AuthTagWrite: Zugriff ist i.A. schreibend
|
||||||
|
|||||||
@ -1,4 +1,4 @@
|
|||||||
# SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>,Sarah Vaupel <sarah.vaupel@ifi.lmu.de>,Steffen Jost <jost@tcs.ifi.lmu.de>,Winnie Ros <winnie.ros@campus.lmu.de>
|
# SPDX-FileCopyrightText: 2022-2024 Sarah Vaupel <sarah.vaupel@uniworx.de>, Gregor Kleen <gregor.kleen@ifi.lmu.de>, Sarah Vaupel <sarah.vaupel@ifi.lmu.de>, Steffen Jost <jost@tcs.ifi.lmu.de>, Winnie Ros <winnie.ros@campus.lmu.de>
|
||||||
#
|
#
|
||||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
|
|
||||||
@ -45,8 +45,8 @@ AuthTagUserSubmissions: Submissions are made by course type participants
|
|||||||
AuthTagCorrectorSubmissions: Submissions are registered by correctors
|
AuthTagCorrectorSubmissions: Submissions are registered by correctors
|
||||||
AuthTagCorrectionAnonymous: Correction is anonymised
|
AuthTagCorrectionAnonymous: Correction is anonymised
|
||||||
AuthTagSelf: User is only accessing their only data
|
AuthTagSelf: User is only accessing their only data
|
||||||
AuthTagIsLDAP: User logs in using their Fraport AG account
|
AuthTagIsExternal: User logs in using externally managed credentials
|
||||||
AuthTagIsPWHash: User logs in using their FRADrive specific account
|
AuthTagIsInternal: User logs in using FRADrive-internal credentials
|
||||||
AuthTagAuthentication: User is authenticated
|
AuthTagAuthentication: User is authenticated
|
||||||
AuthTagRead: Access is read only
|
AuthTagRead: Access is read only
|
||||||
AuthTagWrite: Access might write
|
AuthTagWrite: Access might write
|
||||||
|
|||||||
@ -1,4 +1,4 @@
|
|||||||
-- SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>,Sarah Vaupel <sarah.vaupel@ifi.lmu.de>,Steffen Jost <jost@tcs.ifi.lmu.de>,Wolfgang Witt <Wolfgang.Witt@campus.lmu.de>
|
-- SPDX-FileCopyrightText: 2022-2024 Sarah Vaupel <sarah.vaupel@uniworx.de>, Gregor Kleen <gregor.kleen@ifi.lmu.de>, Sarah Vaupel <sarah.vaupel@ifi.lmu.de>, Steffen Jost <jost@tcs.ifi.lmu.de>, Wolfgang Witt <Wolfgang.Witt@campus.lmu.de>
|
||||||
--
|
--
|
||||||
-- SPDX-License-Identifier: AGPL-3.0-or-later
|
-- SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
|
|
||||||
@ -1521,7 +1521,7 @@ tagAccessPredicate AuthSelf = APDB $ \_ _ mAuthId route _ -> exceptT return retu
|
|||||||
| uid == referencedUser -> return Authorized
|
| uid == referencedUser -> return Authorized
|
||||||
Nothing -> return AuthenticationRequired
|
Nothing -> return AuthenticationRequired
|
||||||
_other -> unauthorizedI MsgUnauthorizedSelf
|
_other -> unauthorizedI MsgUnauthorizedSelf
|
||||||
tagAccessPredicate AuthIsLDAP = APDB $ \_ _ _ route _ -> exceptT return return $ do
|
tagAccessPredicate AuthIsExternal = APDB $ \_ _ _ route _ -> exceptT return return $ do
|
||||||
referencedUser <- case route of
|
referencedUser <- case route of
|
||||||
AdminUserR cID -> return cID
|
AdminUserR cID -> return cID
|
||||||
AdminUserDeleteR cID -> return cID
|
AdminUserDeleteR cID -> return cID
|
||||||
@ -1529,13 +1529,15 @@ tagAccessPredicate AuthIsLDAP = APDB $ \_ _ _ route _ -> exceptT return return $
|
|||||||
UserNotificationR cID -> return cID
|
UserNotificationR cID -> return cID
|
||||||
UserPasswordR cID -> return cID
|
UserPasswordR cID -> return cID
|
||||||
CourseR _ _ _ (CUserR cID) -> return cID
|
CourseR _ _ _ (CUserR cID) -> return cID
|
||||||
_other -> throwError =<< $unsupportedAuthPredicate AuthIsLDAP route
|
_other -> throwError =<< $unsupportedAuthPredicate AuthIsExternal route
|
||||||
referencedUser' <- catchIfMExceptT (const $ unauthorizedI MsgUnauthorizedSelf) (const True :: CryptoIDError -> Bool) $ decrypt referencedUser
|
referencedUser' <- catchIfMExceptT (const $ unauthorizedI MsgUnauthorizedSelf) (const True :: CryptoIDError -> Bool) $ decrypt referencedUser
|
||||||
maybeTMExceptT (unauthorizedI MsgUnauthorizedLDAP) $ do
|
maybeTMExceptT (unauthorizedI MsgUnauthorizedExternal) $ do
|
||||||
User{..} <- MaybeT $ get referencedUser'
|
User{..} <- MaybeT $ get referencedUser'
|
||||||
guard $ userAuthentication == AuthLDAP
|
let availableSources = error "tagAccessPredicate: no available sources yet" -- TODO: implement once config supports source idents
|
||||||
|
guardM . lift $ exists [ ExternalAuthIdent ==. userIdent, ExternalAuthSource <-. availableSources ]
|
||||||
|
guardM . lift . fmap not . existsBy $ UniqueInternalAuth userIdent
|
||||||
return Authorized
|
return Authorized
|
||||||
tagAccessPredicate AuthIsPWHash = APDB $ \_ _ _ route _ -> exceptT return return $ do
|
tagAccessPredicate AuthIsInternal = APDB $ \_ _ _ route _ -> exceptT return return $ do
|
||||||
referencedUser <- case route of
|
referencedUser <- case route of
|
||||||
AdminUserR cID -> return cID
|
AdminUserR cID -> return cID
|
||||||
AdminUserDeleteR cID -> return cID
|
AdminUserDeleteR cID -> return cID
|
||||||
@ -1543,11 +1545,11 @@ tagAccessPredicate AuthIsPWHash = APDB $ \_ _ _ route _ -> exceptT return return
|
|||||||
UserNotificationR cID -> return cID
|
UserNotificationR cID -> return cID
|
||||||
UserPasswordR cID -> return cID
|
UserPasswordR cID -> return cID
|
||||||
CourseR _ _ _ (CUserR cID) -> return cID
|
CourseR _ _ _ (CUserR cID) -> return cID
|
||||||
_other -> throwError =<< $unsupportedAuthPredicate AuthIsPWHash route
|
_other -> throwError =<< $unsupportedAuthPredicate AuthIsInternal route
|
||||||
referencedUser' <- catchIfMExceptT (const $ unauthorizedI MsgUnauthorizedSelf) (const True :: CryptoIDError -> Bool) $ decrypt referencedUser
|
referencedUser' <- catchIfMExceptT (const $ unauthorizedI MsgUnauthorizedSelf) (const True :: CryptoIDError -> Bool) $ decrypt referencedUser
|
||||||
maybeTMExceptT (unauthorizedI MsgUnauthorizedPWHash) $ do
|
maybeTMExceptT (unauthorizedI MsgUnauthorizedInternal) $ do
|
||||||
User{..} <- MaybeT $ get referencedUser'
|
User{..} <- MaybeT $ get referencedUser'
|
||||||
guard $ is _AuthPWHash userAuthentication
|
guardM . lift . existsBy $ UniqueInternalAuth userIdent
|
||||||
return Authorized
|
return Authorized
|
||||||
tagAccessPredicate AuthAuthentication = APDB $ \_ _ mAuthId route _ -> case route of
|
tagAccessPredicate AuthAuthentication = APDB $ \_ _ mAuthId route _ -> case route of
|
||||||
MessageR cID -> maybeT (unauthorizedI MsgUnauthorizedSystemMessageAuth) $ do
|
MessageR cID -> maybeT (unauthorizedI MsgUnauthorizedSystemMessageAuth) $ do
|
||||||
|
|||||||
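Review bot: In the new `AuthIsExternal` branch, `availableSources` is bound to `error "tagAccessPredicate: no available sources yet"` and the `ExternalAuthSource <-. availableSources` filter on the next line forces it, so every evaluation of this predicate throws an `ErrorCall` from inside the database action instead of yielding `MsgUnauthorizedExternal`; callers of `tagAccessPredicate` then see an exception (presumably a 500 and a rolled-back transaction) rather than an authorization decision. Until the configuration supplies source identifiers, fail closed instead, `let availableSources = [] -- TODO: populate from config once source idents exist`, which makes the `<-.` filter match nothing (persistent renders an empty `<-.` list as an always-false condition, worth confirming for the backend in use) and lets the predicate reach `unauthorizedI MsgUnauthorizedExternal` as the message text promises. Note also that `AuthIsExternal` now requires the absence of an `InternalAuth` row via `fmap not . existsBy`, while `AuthIsInternal` does not require the absence of an external credential, so a user holding both satisfies `AuthIsInternal` but never `AuthIsExternal`; if that asymmetry is intended, a one-line comment above the `fmap not` guard stating it would save the next reader a question. `tagAccessPredicate` begins before this section and continues after it.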
@ -384,8 +384,6 @@ embedRenderMessage ''UniWorX ''ExamRequiredEquipmentPreset id
|
|||||||
embedRenderMessage ''UniWorX ''ChangelogItemKind id
|
embedRenderMessage ''UniWorX ''ChangelogItemKind id
|
||||||
embedRenderMessage ''UniWorX ''RoomReference' $ dropSuffix "'"
|
embedRenderMessage ''UniWorX ''RoomReference' $ dropSuffix "'"
|
||||||
|
|
||||||
embedRenderMessage ''UniWorX ''AuthenticationMode id
|
|
||||||
|
|
||||||
embedRenderMessage ''UniWorX ''RatingValidityException id
|
embedRenderMessage ''UniWorX ''RatingValidityException id
|
||||||
|
|
||||||
embedRenderMessage ''UniWorX ''UrlFieldMessage id
|
embedRenderMessage ''UniWorX ''UrlFieldMessage id
|
||||||
|
|||||||