module Model.Identity.Types
( Identity(..)
, MonadHasIdentity
, extractFromIdentifiedSessOrDefault
, identityVerf
, identityAdmin
, identitySuperuser
) where
import qualified Data.ByteString as BS
import Has (Has(..), MonadHas)
import Model.Id.Types
import Model.Permission.Types
import Model.Party.Types
import Model.Token.Types
data Identity
= NotLoggedIn
| IdentityNotNeeded
| Identified Session
| ReIdentified SiteAuth
instance Has SiteAuth Identity where
view (Identified Session{ sessionAccountToken = AccountToken{ tokenAccount = t } }) = t
view (ReIdentified a) = a
view IdentityNotNeeded = nobodySiteAuth
view NotLoggedIn = nobodySiteAuth
instance Has Party Identity where
view = view . (view :: Identity -> SiteAuth)
instance Has (Id Party) Identity where
view = view . (view :: Identity -> SiteAuth)
instance Has Access Identity where
view = view . (view :: Identity -> SiteAuth)
type MonadHasIdentity c m = (MonadHas Identity c m, Has SiteAuth c, Has Party c, Has (Id Party) c, Has Access c)
extractFromIdentifiedSessOrDefault :: a -> (Session -> a) -> Identity -> a
extractFromIdentifiedSessOrDefault z f = \case
Identified sess -> f sess
NotLoggedIn -> z
IdentityNotNeeded -> z
ReIdentified _ -> z
identityVerf :: Identity -> Maybe BS.ByteString
identityVerf = extractFromIdentifiedSessOrDefault Nothing (Just . sessionVerf)
identitySuperuserFor :: (Access -> Permission) -> Identity -> Bool
identitySuperuserFor f (Identified t) = sessionSuperuser t && f (view t) == PermissionADMIN
identitySuperuserFor _ (ReIdentified _) = True
identitySuperuserFor _ _ = False
identityAdmin :: Identity -> Bool
identityAdmin = identitySuperuserFor accessMember
identitySuperuser :: Identity -> Bool
identitySuperuser = identitySuperuserFor accessPermission