add missing authenticate/authorize methods (2600hz#6188)

* to authenticate/authorize by module we need to export the proper arities
erzhan0809 · Dec 9, 2019 · bec0a9a · bec0a9a
1 parent 743bd40
commit bec0a9a
Show file tree

Hide file tree

Showing 12 changed files with 198 additions and 117 deletions.
diff --git a/applications/crossbar/src/modules/cb_apps_link.erl b/applications/crossbar/src/modules/cb_apps_link.erl
@@ -13,7 +13,7 @@
 -module(cb_apps_link).
 
 -export([init/0
-        ,authorize/1
+        ,authorize/2
         ,allowed_methods/1
         ,resource_exists/1
         ,validate/2
@@ -45,8 +45,8 @@ init() ->
 %% allowed to access the resource, or false if not.
 %% @end
 %%------------------------------------------------------------------------------
--spec authorize(cb_context:context()) -> boolean().
-authorize(Context) ->
+-spec authorize(cb_context:context(), path_token()) -> boolean().
+authorize(Context, _) ->
     authorize_nouns(cb_context:req_nouns(Context)).
 
 -spec authorize_nouns(req_nouns()) -> boolean().

diff --git a/applications/crossbar/src/modules/cb_apps_store.erl b/applications/crossbar/src/modules/cb_apps_store.erl
@@ -14,8 +14,8 @@
 -export([init/0
         ,allowed_methods/0, allowed_methods/1, allowed_methods/2, allowed_methods/3
         ,resource_exists/0, resource_exists/1, resource_exists/2, resource_exists/3
-        ,authenticate/1
-        ,authorize/1
+        ,authenticate/1, authenticate/2, authenticate/3, authenticate/4
+        ,authorize/1, authorize/2, authorize/3, authorize/4
         ,validate/1, validate/2, validate/3, validate/4
         ,content_types_provided/3 ,content_types_provided/4
         ,put/2
@@ -139,30 +139,54 @@ content_types_provided(Context, _, _, _) -> Context.
 
 -spec authenticate(cb_context:context()) -> boolean().
 authenticate(Context) ->
-    authenticate(cb_context:req_verb(Context), cb_context:req_nouns(Context)).
+    authenticate_nouns(cb_context:req_verb(Context), cb_context:req_nouns(Context)).
 
--spec authenticate(http_method(), req_nouns()) -> boolean().
-authenticate(?HTTP_GET, [{<<"apps_store">>,[_Id, ?ICON]}]) ->
+-spec authenticate(cb_context:context(), path_token()) -> boolean().
+authenticate(Context, _) ->
+    authenticate_nouns(cb_context:req_verb(Context), cb_context:req_nouns(Context)).
+
+-spec authenticate(cb_context:context(), path_token(), path_token()) -> boolean().
+authenticate(Context, _, _) ->
+    authenticate_nouns(cb_context:req_verb(Context), cb_context:req_nouns(Context)).
+
+-spec authenticate(cb_context:context(), path_token(), path_token(), path_token()) -> boolean().
+authenticate(Context, _, _, _) ->
+    authenticate_nouns(cb_context:req_verb(Context), cb_context:req_nouns(Context)).
+
+-spec authenticate_nouns(http_method(), req_nouns()) -> boolean().
+authenticate_nouns(?HTTP_GET, [{<<"apps_store">>,[_Id, ?ICON]}]) ->
     lager:debug("authenticating request"),
     'true';
-authenticate(?HTTP_GET, [{<<"apps_store">>,[_Id, ?SCREENSHOT, _Number]}]) ->
+authenticate_nouns(?HTTP_GET, [{<<"apps_store">>,[_Id, ?SCREENSHOT, _Number]}]) ->
     lager:debug("authenticating request"),
     'true';
-authenticate(_Verb, _Nouns) ->
+authenticate_nouns(_Verb, _Nouns) ->
     'false'.
 
 -spec authorize(cb_context:context()) -> boolean().
 authorize(Context) ->
-    authorize(cb_context:req_verb(Context), cb_context:req_nouns(Context)).
+    authorize_nouns(cb_context:req_verb(Context), cb_context:req_nouns(Context)).
+
+-spec authorize(cb_context:context(), path_token()) -> boolean().
+authorize(Context, _) ->
+    authorize_nouns(cb_context:req_verb(Context), cb_context:req_nouns(Context)).
+
+-spec authorize(cb_context:context(), path_token(), path_token()) -> boolean().
+authorize(Context, _, _) ->
+    authorize_nouns(cb_context:req_verb(Context), cb_context:req_nouns(Context)).
+
+-spec authorize(cb_context:context(), path_token(), path_token(), path_token()) -> boolean().
+authorize(Context, _, _, _) ->
+    authorize_nouns(cb_context:req_verb(Context), cb_context:req_nouns(Context)).
 
--spec authorize(http_method(), req_nouns()) -> boolean().
-authorize(?HTTP_GET, [{<<"apps_store">>,[_Id, ?ICON]}]) ->
+-spec authorize_nouns(http_method(), req_nouns()) -> boolean().
+authorize_nouns(?HTTP_GET, [{<<"apps_store">>,[_Id, ?ICON]}]) ->
     lager:debug("authorizing request"),
     'true';
-authorize(?HTTP_GET, [{<<"apps_store">>,[_Id, ?SCREENSHOT, _Number]}]) ->
+authorize_nouns(?HTTP_GET, [{<<"apps_store">>,[_Id, ?SCREENSHOT, _Number]}]) ->
     lager:debug("authorizing request"),
     'true';
-authorize(_Verb, _Nouns) ->
+authorize_nouns(_Verb, _Nouns) ->
     'false'.
 
 %%------------------------------------------------------------------------------

diff --git a/applications/crossbar/src/modules/cb_clicktocall.erl b/applications/crossbar/src/modules/cb_clicktocall.erl
@@ -22,8 +22,8 @@
         ,allowed_methods/0, allowed_methods/1, allowed_methods/2
         ,resource_exists/0, resource_exists/1, resource_exists/2
         ,validate/1, validate/2, validate/3
-        ,authenticate/1
-        ,authorize/1
+        ,authenticate/1, authenticate/2, authenticate/3
+        ,authorize/1, authorize/2, authorize/3
         ,put/1
         ,post/2, post/3
         ,patch/2
@@ -107,11 +107,27 @@ authenticate(Context) ->
     is_c2c_url(Context, cb_context:req_nouns(Context))
         andalso maybe_authenticate(Context).
 
+-spec authenticate(cb_context:context(), path_token()) -> 'true'.
+authenticate(Context, _) ->
+    authenticate(Context).
+
+-spec authenticate(cb_context:context(), path_token(), path_token()) -> 'true'.
+authenticate(Context, _, _) ->
+    authenticate(Context).
+
 -spec authorize(cb_context:context()) -> 'true'.
 authorize(Context) ->
     is_c2c_url(Context, cb_context:req_nouns(Context))
         andalso maybe_authorize(Context).
 
+-spec authorize(cb_context:context(), path_token()) -> 'true'.
+authorize(Context, _) ->
+    authorize(Context).
+
+-spec authorize(cb_context:context(), path_token(), path_token()) -> 'true'.
+authorize(Context, _, _) ->
+    authorize(Context).
+
 -spec maybe_authenticate(cb_context:context()) -> boolean().
 maybe_authenticate(Context) ->
     case is_auth_required(Context) of

diff --git a/applications/crossbar/src/modules/cb_ips.erl b/applications/crossbar/src/modules/cb_ips.erl
@@ -12,7 +12,7 @@
 -module(cb_ips).
 
 -export([init/0
-        ,authorize/1
+        ,authorize/1, authorize/2
         ,allowed_methods/0, allowed_methods/1
         ,resource_exists/0, resource_exists/1
         ,validate/1, validate/2
@@ -48,11 +48,16 @@ init() ->
 -spec authorize(cb_context:context()) -> boolean().
 authorize(Context) ->
     _ = cb_context:put_reqid(Context),
-    authorize(Context, cb_context:req_nouns(Context)).
+    authorize_nouns(Context, cb_context:req_nouns(Context)).
 
-authorize(Context, [{<<"ips">>, _}]) ->
+-spec authorize(cb_context:context(), path_token()) -> boolean().
+authorize(Context, _) ->
+    _ = cb_context:put_reqid(Context),
+    authorize_nouns(Context, cb_context:req_nouns(Context)).
+
+authorize_nouns(Context, [{<<"ips">>, _}]) ->
     cb_context:is_superduper_admin(Context);
-authorize(_Context, _Nouns) -> 'false'.
+authorize_nouns(_Context, _Nouns) -> 'false'.
 
 %%------------------------------------------------------------------------------
 %% @doc Given the path tokens related to this module, what HTTP methods are

diff --git a/applications/crossbar/src/modules/cb_media.erl b/applications/crossbar/src/modules/cb_media.erl
@@ -17,7 +17,7 @@
 -export([init/0
         ,allowed_methods/0, allowed_methods/1, allowed_methods/2
         ,resource_exists/0, resource_exists/1, resource_exists/2
-        ,authorize/1
+        ,authorize/1, authorize/2, authorize/3
         ,validate/1, validate/2, validate/3
         ,content_types_provided/2, content_types_provided/3
         ,content_types_accepted/2, content_types_accepted/3
@@ -125,11 +125,18 @@ resource_exists(?LANGUAGES, _Language) -> 'true';
 resource_exists(?PROMPTS, _PromptId) -> 'true';
 resource_exists(_, ?BIN_DATA) -> 'true'.
 
--spec authorize(cb_context:context()) -> boolean() |
-          {'stop', cb_context:context()}.
+-spec authorize(cb_context:context()) -> boolean() | {'stop', cb_context:context()}.
 authorize(Context) ->
     authorize_media(Context, cb_context:req_nouns(Context), cb_context:account_id(Context)).
 
+-spec authorize(cb_context:context(), path_token()) -> boolean() | {'stop', cb_context:context()}.
+authorize(Context, _) ->
+    authorize_media(Context, cb_context:req_nouns(Context), cb_context:account_id(Context)).
+
+-spec authorize(cb_context:context(), path_token(), path_token()) -> boolean() | {'stop', cb_context:context()}.
+authorize(Context, _, _) ->
+    authorize_media(Context, cb_context:req_nouns(Context), cb_context:account_id(Context)).
+
 -spec authorize_media(cb_context:context(), req_nouns(), kz_term:api_binary()) -> boolean().
 authorize_media(_Context, [{<<"media">>, [?PROMPTS]}], 'undefined') ->
     lager:debug("allowing system prompts request"),

diff --git a/applications/crossbar/src/modules/cb_presence.erl b/applications/crossbar/src/modules/cb_presence.erl
@@ -10,8 +10,8 @@
 -module('cb_presence').
 
 -export([init/0
-        ,authenticate/1
-        ,authorize/1
+        ,authenticate/1, authenticate/2
+        ,authorize/1, authorize/2
         ,allowed_methods/0, allowed_methods/1
         ,resource_exists/0, resource_exists/1
         ,content_types_provided/2
@@ -70,25 +70,33 @@ init() ->
 
 -spec authenticate(cb_context:context()) -> boolean().
 authenticate(Context) ->
-    authenticate(Context, cb_context:req_nouns(Context), cb_context:req_verb(Context)).
+    authenticate_nouns(Context, cb_context:req_nouns(Context), cb_context:req_verb(Context)).
 
--spec authenticate(cb_context:context(), req_nouns(), http_method()) -> boolean().
-authenticate(Context, [{<<"presence">>,[?MATCH_REPORT_PREFIX]}], ?HTTP_GET) ->
+-spec authenticate(cb_context:context(), path_token()) -> boolean().
+authenticate(Context, _) ->
+    authenticate_nouns(Context, cb_context:req_nouns(Context), cb_context:req_verb(Context)).
+
+-spec authenticate_nouns(cb_context:context(), req_nouns(), http_method()) -> boolean().
+authenticate_nouns(Context, [{<<"presence">>,[?MATCH_REPORT_PREFIX]}], ?HTTP_GET) ->
     cb_context:magic_pathed(Context);
-authenticate(_Context, _Nouns, _Verb) -> 'false'.
+authenticate_nouns(_Context, _Nouns, _Verb) -> 'false'.
 
 %%------------------------------------------------------------------------------
 %% @doc
 %% @end
 %%------------------------------------------------------------------------------
 -spec authorize(cb_context:context()) -> boolean().
 authorize(Context) ->
-    authorize(Context, cb_context:req_nouns(Context), cb_context:req_verb(Context)).
+    authorize_nouns(Context, cb_context:req_nouns(Context), cb_context:req_verb(Context)).
+
+-spec authorize(cb_context:context(), path_token()) -> boolean().
+authorize(Context, _) ->
+    authorize_nouns(Context, cb_context:req_nouns(Context), cb_context:req_verb(Context)).
 
--spec authorize(cb_context:context(), req_nouns(), http_method()) -> boolean().
-authorize(Context, [{<<"presence">>,[?MATCH_REPORT_PREFIX]}], ?HTTP_GET) ->
+-spec authorize_nouns(cb_context:context(), req_nouns(), http_method()) -> boolean().
+authorize_nouns(Context, [{<<"presence">>,[?MATCH_REPORT_PREFIX]}], ?HTTP_GET) ->
     cb_context:magic_pathed(Context);
-authorize(_Context, _Nouns, _Verb) -> 'false'.
+authorize_nouns(_Context, _Nouns, _Verb) -> 'false'.
 
 %%------------------------------------------------------------------------------
 %% @doc This function determines the verbs that are appropriate for the

diff --git a/applications/crossbar/src/modules/cb_rates.erl b/applications/crossbar/src/modules/cb_rates.erl
@@ -12,7 +12,7 @@
 -module(cb_rates).
 
 -export([init/0
-        ,authorize/1
+        ,authorize/1, authorize/2, authorize/3
         ,allowed_methods/0, allowed_methods/1 ,allowed_methods/2
         ,resource_exists/0, resource_exists/1 ,resource_exists/2
         ,content_types_provided/1
@@ -74,17 +74,25 @@ init_db() ->
 
 -spec authorize(cb_context:context()) -> boolean().
 authorize(Context) ->
-    authorize(Context, cb_context:req_nouns(Context)).
+    authorize_nouns(Context, cb_context:req_nouns(Context)).
 
-authorize(Context, [{<<"rates">>, [?RATEDECKS]}]) ->
+-spec authorize(cb_context:context(), path_token()) -> boolean().
+authorize(Context, _) ->
+    authorize_nouns(Context, cb_context:req_nouns(Context)).
+
+-spec authorize(cb_context:context(), path_token(), path_token()) -> boolean().
+authorize(Context, _, _) ->
+    authorize_nouns(Context, cb_context:req_nouns(Context)).
+
+authorize_nouns(Context, [{<<"rates">>, [?RATEDECKS]}]) ->
     case cb_context:is_superduper_admin(Context) of
         'true' -> 'true';
         'false' -> {'stop', cb_context:add_system_error('forbidden', Context)}
     end;
-authorize(_Context, [{<<"rates">>, [?NUMBER, _NumberToRate]}]) ->
+authorize_nouns(_Context, [{<<"rates">>, [?NUMBER, _NumberToRate]}]) ->
     lager:debug("authorizing rate request for ~s", [_NumberToRate]),
     'true';
-authorize(_Context, _Nouns) ->
+authorize_nouns(_Context, _Nouns) ->
     'false'.
 
 %%------------------------------------------------------------------------------

diff --git a/applications/crossbar/src/modules/cb_resources.erl b/applications/crossbar/src/modules/cb_resources.erl
@@ -13,7 +13,7 @@
 -module(cb_resources).
 
 -export([init/0
-        ,authorize/1
+        ,authorize/1, authorize/2, authorize/3
         ,allowed_methods/0, allowed_methods/1, allowed_methods/2
         ,resource_exists/0, resource_exists/1, resource_exists/2
         ,validate/1, validate/2, validate/3
@@ -56,6 +56,9 @@ init() ->
                           ,{<<"*.authorize.resources">>, 'authorize'}
                           ]).
 
+-spec authorize(cb_context:context()) -> boolean() | {'stop', cb_context:context()}.
+authorize(Context) ->
+    authorize_nouns(Context, cb_context:req_nouns(Context)).
 -spec maybe_start_jobs_listener() -> pid().
 maybe_start_jobs_listener() ->
     case jobs_listener_pid() of
@@ -65,27 +68,26 @@ maybe_start_jobs_listener() ->
         Pid -> Pid
     end.
 
+-spec authorize(cb_context:context(), path_token()) -> boolean() | {'stop', cb_context:context()}.
+authorize(Context, _) ->
+    authorize_nouns(Context, cb_context:req_nouns(Context)).
 -spec jobs_listener_pid() -> kz_term:api_pid().
 jobs_listener_pid() ->
     whereis('crossbar_jobs_listener').
 
--spec authorize(cb_context:context()) ->
-          boolean() |
-          {'stop', cb_context:context()}.
-authorize(Context) ->
-    authorize(Context, cb_context:req_nouns(Context)).
+-spec authorize(cb_context:context(), path_token(), path_token()) -> boolean() | {'stop', cb_context:context()}.
+authorize(Context, _, _) ->
+    authorize_nouns(Context, cb_context:req_nouns(Context)).
 
--spec authorize(cb_context:context(), req_nouns()) ->
-          boolean() |
-          {'stop', cb_context:context()}.
-authorize(Context, [{<<"global_resources">>, _}|_]) ->
+-spec authorize_nouns(cb_context:context(), req_nouns()) -> boolean() | {'stop', cb_context:context()}.
+authorize_nouns(Context, [{<<"global_resources">>, _}|_]) ->
     maybe_authorize_admin(Context);
-authorize(Context, [{<<"resources">>, _} | _]) ->
+authorize_nouns(Context, [{<<"resources">>, _} | _]) ->
     case cb_context:account_id(Context) of
         'undefined' -> maybe_authorize_admin(Context);
         _AccountId -> 'true'
     end;
-authorize(_Context, _Nouns) ->
+authorize_nouns(_Context, _Nouns) ->
     'false'.
 
 -spec maybe_authorize_admin(cb_context:context()) ->

diff --git a/applications/crossbar/src/modules/cb_schemas.erl b/applications/crossbar/src/modules/cb_schemas.erl
@@ -14,8 +14,8 @@
 -export([init/0
         ,allowed_methods/0, allowed_methods/1, allowed_methods/2
         ,resource_exists/0, resource_exists/1, resource_exists/2
-        ,authorize/1
-        ,authenticate/1
+        ,authorize/1, authorize/2
+        ,authenticate/1, authenticate/2
         ,validate/1, validate/2, validate/3
         ]).
 
@@ -42,22 +42,24 @@ init() ->
 
 -spec authorize(cb_context:context()) -> boolean().
 authorize(Context) ->
-    authorize_nouns(cb_context:req_nouns(Context)).
+    auth_nouns(Context, cb_context:req_nouns(Context)).
 
--spec authorize_nouns(req_nouns()) -> boolean().
-authorize_nouns([{<<"schemas">>,_}]) ->
-    lager:debug("authorizing request to fetch schema(s)"),
-    'true';
-authorize_nouns(_) -> 'false'.
+-spec authorize(cb_context:context(), path_token()) -> boolean().
+authorize(Context, _Schema) ->
+    auth_nouns(Context, cb_context:req_nouns(Context)).
 
 -spec authenticate(cb_context:context()) -> boolean().
 authenticate(Context) ->
-    authenticate_nouns(cb_context:req_nouns(Context)).
+    auth_nouns(Context, cb_context:req_nouns(Context)).
 
-authenticate_nouns([{<<"schemas">>,_}]) ->
+-spec authenticate(cb_context:context(), path_token()) -> boolean().
+authenticate(Context, _Schema) ->
+    auth_nouns(Context, cb_context:req_nouns(Context)).
+
+-spec auth_nouns(cb_context:context(), req_nouns()) -> boolean().
+auth_nouns(Context, [{<<"schemas">>,_}]) ->
     lager:debug("authenticating request to fetch schema(s)"),
-    'true';
-authenticate_nouns(_) -> 'false'.
+    cb_context:req_verb(Context) =:= ?HTTP_GET.
 
 %%------------------------------------------------------------------------------
 %% @doc This function determines the verbs that are appropriate for the