feat: add HasCaldavAccess method to APIToken

This commit is contained in:
kolaente 2026-03-26 11:31:44 +01:00 committed by kolaente
parent b0b7c52b15
commit ebec91b356
2 changed files with 40 additions and 0 deletions

View File

@ -20,6 +20,7 @@ import (
"crypto/sha256"
"crypto/subtle"
"encoding/hex"
"slices"
"time"
"code.vikunja.io/api/pkg/db"
@ -169,6 +170,15 @@ func (t *APIToken) Delete(s *xorm.Session, a web.Auth) (err error) {
return err
}
// HasCaldavAccess checks whether the token has the caldav access permission.
func (t *APIToken) HasCaldavAccess() bool {
perms, has := t.APIPermissions["caldav"]
if !has {
return false
}
return slices.Contains(perms, "access")
}
// GetTokenFromTokenString returns the full token object from the original token string.
func GetTokenFromTokenString(s *xorm.Session, token string) (apiToken *APIToken, err error) {
lastEight := token[len(token)-8:]

View File

@ -95,6 +95,36 @@ func TestAPIToken_Create(t *testing.T) {
})
}
func TestAPIToken_HasCaldavAccess(t *testing.T) {
t.Run("has caldav access", func(t *testing.T) {
token := &APIToken{
APIPermissions: APIPermissions{"caldav": {"access"}},
}
assert.True(t, token.HasCaldavAccess())
})
t.Run("no caldav group", func(t *testing.T) {
token := &APIToken{
APIPermissions: APIPermissions{"tasks": {"read_all"}},
}
assert.False(t, token.HasCaldavAccess())
})
t.Run("caldav group but wrong permission", func(t *testing.T) {
token := &APIToken{
APIPermissions: APIPermissions{"caldav": {"read_all"}},
}
assert.False(t, token.HasCaldavAccess())
})
t.Run("caldav access among other permissions", func(t *testing.T) {
token := &APIToken{
APIPermissions: APIPermissions{
"tasks": {"read_all", "update"},
"caldav": {"access"},
},
}
assert.True(t, token.HasCaldavAccess())
})
}
func TestAPIToken_GetTokenFromTokenString(t *testing.T) {
t.Run("valid token", func(t *testing.T) {
s := db.NewSession()