Encapsulate User permissions with immutable update methods

carlhoerberg · claude · carlhoerberg · commit a9013afdbede · 2025-07-25T20:23:09.000+02:00
Add protected methods for permission management in User class and update all access points to use the new API for better data integrity. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/src/lavinmq/amqp/connection_factory.cr b/src/lavinmq/amqp/connection_factory.cr
@@ -166,7 +166,7 @@ module LavinMQ
         open = AMQP::Frame.from_io(socket) { |f| f.as(AMQP::Frame::Connection::Open) }
         vhost_name = open.vhost.empty? ? "/" : open.vhost
         if vhost = @vhosts[vhost_name]?
-          if user.permissions[vhost_name]?
+          if user.permission?(vhost_name)
             if vhost.max_connections.try { |max| vhost.connections.size >= max }
               log.warn { "Max connections (#{vhost.max_connections}) reached for vhost #{vhost_name}" }
               reply_text = "access to vhost '#{vhost_name}' refused: connection limit (#{vhost.max_connections}) is reached"
diff --git a/src/lavinmq/auth/user.cr b/src/lavinmq/auth/user.cr
@@ -6,7 +6,7 @@ require "../tag"
 module LavinMQ
   class User
     include SortableJSON
-    getter name, password, permissions
+    getter name, password
     property tags, plain_text_password
     alias Permissions = NamedTuple(config: Regex, read: Regex, write: Regex)
 
@@ -130,24 +130,58 @@ module LavinMQ
     end
 
     def can_write?(vhost, name) : Bool
-      perm = permissions[vhost]?
+      perm = @permissions[vhost]?
       perm ? perm_match?(perm[:write], name) : false
     end
 
     def can_read?(vhost, name) : Bool
-      perm = permissions[vhost]?
+      perm = @permissions[vhost]?
       perm ? perm_match?(perm[:read], name) : false
     end
 
     def can_config?(vhost, name) : Bool
-      perm = permissions[vhost]?
+      perm = @permissions[vhost]?
       perm ? perm_match?(perm[:config], name) : false
     end
 
     def can_impersonate?
       @tags.includes? Tag::Impersonator
     end
 
+    protected def set_permission(vhost : String, config : Regex, read : Regex, write : Regex)
+      set_permission(vhost, {config: config, read: read, write: write})
+    end
+
+    protected def set_permission(vhost : String, perms : Permissions)
+      new_permissions = @permissions.dup
+      new_permissions[vhost] = perms
+      @permissions = new_permissions
+      perms
+    end
+
+    protected def remove_permission(vhost : String)
+      new_permissions = @permissions.dup
+      perm = new_permissions.delete(vhost)
+      @permissions = new_permissions
+      perm
+    end
+
+    def has_permission?(vhost : String) : Bool
+      @permissions.has_key? vhost
+    end
+
+    def permission?(vhost : String) : Permissions?
+      @permissions[vhost]?
+    end
+
+    def permitted_vhosts : Array(String)
+      @permissions.keys
+    end
+
+    def permissions : Enumerable(Tuple(String, Permissions))
+      @permissions.each
+    end
+
     private def parse_permissions(pull)
       pull.read_object do |vhost|
         config = read = write = /^$/
diff --git a/src/lavinmq/auth/user_store.cr b/src/lavinmq/auth/user_store.cr
@@ -76,18 +76,18 @@ module LavinMQ
     def add_permission(user, vhost, config, read, write)
       perm = {config: config, read: read, write: write}
       @lock.synchronize do
-        if @users[user].permissions[vhost]? == perm
+        if @users[user].permission?(vhost) == perm
           return perm
         end
-        @users[user].permissions[vhost] = perm
+        @users[user].set_permission(vhost, perm)
         save!
         perm
       end
     end
 
     def rm_permission(user, vhost)
       @lock.synchronize do
-        if perm = @users[user].permissions.delete vhost
+        if perm = @users[user].remove_permission vhost
           Log.info { "Removed permissions for user=#{user} on vhost=#{vhost}" }
           save!
           perm
@@ -98,7 +98,7 @@ module LavinMQ
     def rm_vhost_permissions_for_all(vhost)
       @lock.synchronize do
         @users.each_value do |user|
-          user.permissions.delete(vhost)
+          user.remove_permission(vhost)
         end
         save!
       end
@@ -175,7 +175,7 @@ module LavinMQ
     private def create_direct_user
       @users[DIRECT_USER] = User.create_hidden_user(DIRECT_USER)
       perm = {config: /.*/, read: /.*/, write: /.*/}
-      @users[DIRECT_USER].permissions["/"] = perm
+      @users[DIRECT_USER].set_permission("/", perm)
     end
 
     def save!
diff --git a/src/lavinmq/http/controller.cr b/src/lavinmq/http/controller.cr
@@ -221,14 +221,14 @@ module LavinMQ
       def vhosts(user : User)
         @amqp_server.vhosts.each_value.select do |v|
           full_view_vhosts_access = user.tags.any? { |t| t.administrator? || t.monitoring? }
-          amqp_access = user.permissions.has_key?(v.name)
+          amqp_access = user.has_permission?(v.name)
           full_view_vhosts_access || (amqp_access && !user.tags.empty?)
         end
       end
 
       private def refuse_unless_vhost_access(context, user, vhost)
         return if user.tags.any? &.administrator?
-        unless user.permissions.has_key?(vhost)
+        unless user.has_permission?(vhost)
           Log.warn { "user=#{user.name} does not have permissions to access vhost=#{vhost}" }
           access_refused(context)
         end
diff --git a/src/lavinmq/http/controller/connections.cr b/src/lavinmq/http/controller/connections.cr
@@ -8,7 +8,7 @@ module LavinMQ
         if user.tags.any? { |t| t.administrator? || t.monitoring? }
           @amqp_server.connections
         else
-          vhosts = user.permissions.keys
+          vhosts = user.permitted_vhosts
           @amqp_server.connections.select &.vhost.name.in?(vhosts)
         end
       end
diff --git a/src/lavinmq/http/controller/definitions.cr b/src/lavinmq/http/controller/definitions.cr
@@ -192,11 +192,10 @@ module LavinMQ
               configure = p["configure"].as_s
               read = p["read"].as_s
               write = p["write"].as_s
-              @amqp_server.users[user].permissions[vhost] = {
-                config: Regex.new(configure),
-                read:   Regex.new(read),
-                write:  Regex.new(write),
-              }
+              @amqp_server.users[user].set_permission(vhost,
+                Regex.new(configure),
+                Regex.new(read),
+                Regex.new(write))
             end
             @amqp_server.users.save!
           end
diff --git a/src/lavinmq/http/controller/permissions.cr b/src/lavinmq/http/controller/permissions.cr
@@ -39,7 +39,7 @@ module LavinMQ
           refuse_unless_administrator(context, user(context))
           with_vhost(context, params) do |vhost|
             u = user(context, params, "user")
-            perm = u.permissions[vhost]?
+            perm = u.permission?(vhost)
             not_found(context) unless perm
             u.permissions_details(vhost, perm).to_json(context.response)
           end
@@ -56,7 +56,8 @@ module LavinMQ
             unless config && read && write
               bad_request(context, "Fields 'configure', 'read' and 'write' are required")
             end
-            is_update = @amqp_server.users[u.name].permissions[vhost]?
+            user = @amqp_server.users[u.name]
+            is_update = user.permission?(vhost)
             @amqp_server.users
               .add_permission(u.name, vhost, Regex.new(config), Regex.new(read), Regex.new(write))
             context.response.status_code = is_update ? 204 : 201
diff --git a/src/lavinmq/http/controller/vhosts.cr b/src/lavinmq/http/controller/vhosts.cr
@@ -74,7 +74,7 @@ module LavinMQ
           with_vhost(context, params, "name") do |vhost|
             @amqp_server.users.compact_map do |_, u|
               next if u.hidden?
-              u.permissions[vhost]?.try { |p| u.permissions_details(vhost, p) }
+              u.permission?(vhost).try { |p| u.permissions_details(vhost, p) }
             end.to_json(context.response)
           end
         end
diff --git a/src/lavinmq/mqtt/connection_factory.cr b/src/lavinmq/mqtt/connection_factory.cr
@@ -62,14 +62,12 @@ module LavinMQ
           username = username[split_pos + 1..]
         end
 
-        user = @authenticator.authenticate(username, password)
-        return unless user
-        has_vhost_permissions = user.try &.permissions.has_key?(vhost)
-        return unless has_vhost_permissions
-        broker = @brokers[vhost]?
-        return unless broker
-
-        {user, broker}
+        if broker = @brokers[vhost]?
+          if user = @authenticator.authenticate(username, password)
+            user.permission?(vhost) || return
+            {user, broker}
+          end
+        end
       end
 
       def assign_client_id(packet)
