From 972acde406b50f98179141f713e14cb09561a3ae Mon Sep 17 00:00:00 2001 From: Nick Woodward Date: Wed, 13 Jul 2016 23:48:04 -0500 Subject: [PATCH] Static roles will no longer get wiped out after hubot initializes --- src/auth.coffee | 95 ++++++++++++++++++++++++------------------------- 1 file changed, 46 insertions(+), 49 deletions(-) diff --git a/src/auth.coffee b/src/auth.coffee index 41b6573..fbd9dcf 100644 --- a/src/auth.coffee +++ b/src/auth.coffee @@ -28,37 +28,14 @@ config = role_list: process.env.HUBOT_AUTH_ROLES module.exports = (robot) -> - - # TODO: This has been deprecated so it needs to be removed at some point. - if config.admin_list? - robot.logger.warning 'The HUBOT_AUTH_ADMIN environment variable has been deprecated in favor of HUBOT_AUTH_ROLES' - for id in config.admin_list.split ',' - user = robot.brain.userForId id - - unless user? - robot.logger.warning "#{id} does not exist" - else - user.roles or= [] - user.roles.push 'admin' unless 'admin' in user.roles - - unless config.role_list? - robot.logger.warning 'The HUBOT_AUTH_ROLES environment variable not set' - else - for role in config.role_list.split ' ' - [dummy, roleName, userIds] = role.match /(\w+)=([\w]+(?:,[\w]+)*)/ - for id in userIds.split ',' - user = robot.brain.userForId id - - unless user? - robot.logger.warning "#{id} does not exist" - else - user.roles or= [] - user.roles.push roleName unless roleName in user.roles - class Auth + storedRoles = robot.brain.get('roles') + unless storedRoles + robot.brain.set('roles', {}) + storedRoles = robot.brain.get('roles') + isAdmin: (user) -> - roles = robot.brain.userForId(user.id).roles or [] - 'admin' in roles + @hasRole(user, 'admin') hasRole: (user, roles) -> userRoles = @userRoles(user) @@ -76,10 +53,37 @@ module.exports = (robot) -> users userRoles: (user) -> - user.roles + storedRoles[user.id] or= [] + + addRole: (user, newRole) -> + userRoles = @userRoles(user) + userRoles.push newRole unless newRole in userRoles + + revokeRole: (user, newRole) -> + userRoles = @userRoles(user) + userRoles = (role for role in userRoles when role isnt newRole) + + getRoles: () -> + result = [] + for own key, roles of storedRoles + result.push role for role in roles unless role in result + result robot.auth = new Auth + # TODO: This has been deprecated so it needs to be removed at some point. + if config.admin_list? + robot.logger.warning 'The HUBOT_AUTH_ADMIN environment variable has been deprecated in favor of HUBOT_AUTH_ROLES' + for id in config.admin_list.split ',' + robot.auth.addRole({ id }, 'admin') + + unless config.role_list? + robot.logger.warning 'The HUBOT_AUTH_ROLES environment variable not set' + else + for role in config.role_list.split ' ' + [dummy, roleName, userIds] = role.match /(\w+)=([\w]+(?:,[\w]+)*)/ + for id in userIds.split ',' + robot.auth.addRole({ id }, roleName) robot.respond /@?([^\s]+) ha(?:s|ve) (["'\w: -_]+) role/i, (msg) -> name = msg.match[1].trim() @@ -93,17 +97,14 @@ module.exports = (robot) -> user = robot.brain.userForName(name) return msg.reply "#{name} does not exist" unless user? - user.roles or= [] - if newRole in user.roles + if robot.auth.hasRole(user, newRole) msg.reply "#{name} already has the '#{newRole}' role." + else if newRole is 'admin' + msg.reply "Sorry, the 'admin' role can only be defined in the HUBOT_AUTH_ROLES env variable." else - if newRole is 'admin' - msg.reply "Sorry, the 'admin' role can only be defined in the HUBOT_AUTH_ROLES env variable." - else - myRoles = msg.message.user.roles or [] - user.roles.push(newRole) - msg.reply "OK, #{name} has the '#{newRole}' role." + robot.auth.addRole user, newRole + msg.reply "OK, #{name} has the '#{newRole}' role." robot.respond /@?([^\s]+) (?:don['’]t|doesn['’]t|do not) have (["'\w: -_]+) role/i, (msg) -> name = msg.match[1].trim() @@ -117,13 +118,11 @@ module.exports = (robot) -> user = robot.brain.userForName(name) return msg.reply "#{name} does not exist" unless user? - user.roles or= [] if newRole is 'admin' msg.reply "Sorry, the 'admin' role can only be removed from the HUBOT_AUTH_ROLES env variable." else - myRoles = msg.message.user.roles or [] - user.roles = (role for role in user.roles when role isnt newRole) + robot.auth.revokeRole user, newRole msg.reply "OK, #{name} doesn't have the '#{newRole}' role." robot.respond /what roles? do(es)? @?([^\s]+) have\?*$/i, (msg) -> @@ -148,13 +147,11 @@ module.exports = (robot) -> msg.reply "There are no people that have the '#{role}' role." robot.respond /list assigned roles/i, (msg) -> - roles = [] unless robot.auth.isAdmin msg.message.user - msg.reply "Sorry, only admins can list assigned roles." + msg.reply "Sorry, only admins can list assigned roles." else - for i, user of robot.brain.users() when user.roles - roles.push role for role in user.roles when role not in roles - if roles.length > 0 - msg.reply "The following roles are available: #{roles.join(', ')}" - else - msg.reply "No roles to list." + roles = robot.auth.getRoles() + if roles.length > 0 + msg.reply "The following roles are available: #{roles.join(', ')}" + else + msg.reply "No roles to list."