workin oc-auth
This commit is contained in:
@@ -6,24 +6,29 @@ import (
|
||||
"fmt"
|
||||
"oc-auth/conf"
|
||||
"oc-auth/infrastructure/utils"
|
||||
"strings"
|
||||
|
||||
oclib "cloud.o-forge.io/core/oc-lib"
|
||||
"cloud.o-forge.io/core/oc-lib/tools"
|
||||
)
|
||||
|
||||
type KetoConnector struct{}
|
||||
type KetoConnector struct {
|
||||
Client string
|
||||
}
|
||||
|
||||
func (k KetoConnector) SetClient(client string) {
|
||||
k.Client = client
|
||||
}
|
||||
|
||||
func (k KetoConnector) namespace() string {
|
||||
return "open-cloud"
|
||||
}
|
||||
|
||||
func (k KetoConnector) scope() string {
|
||||
return "oc-auth"
|
||||
return "oc-auth-realm"
|
||||
}
|
||||
|
||||
func (f KetoConnector) permToQuery(perm Permission, permDependancies *Permission) string {
|
||||
n := "?namespace=" + perm.Namespace()
|
||||
n := "?namespace=" + f.namespace()
|
||||
if perm.Object != "" {
|
||||
n += "&object=" + perm.Object
|
||||
}
|
||||
@@ -189,6 +194,7 @@ func (k KetoConnector) GetPermissionByRole(roleID string) ([]Permission, error)
|
||||
}
|
||||
func (k KetoConnector) GetPermissionByUser(userID string, internal bool) ([]Permission, error) {
|
||||
roles, err := k.get("", "member", userID)
|
||||
fmt.Println("ROLES", roles, err)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -235,7 +241,7 @@ func (k KetoConnector) get(object string, relation string, subject string) ([]Pe
|
||||
return t, nil
|
||||
}
|
||||
|
||||
func (k KetoConnector) binds(subject string, relation string, object string) (string, int, error) {
|
||||
func (k KetoConnector) binds(object string, relation string, subject string) (string, int, error) {
|
||||
_, code, err := k.createRelationShip(object, relation, subject, nil)
|
||||
if err != nil {
|
||||
return object, code, err
|
||||
@@ -244,6 +250,7 @@ func (k KetoConnector) binds(subject string, relation string, object string) (st
|
||||
}
|
||||
|
||||
func (k KetoConnector) BindRole(userID string, roleID string) (string, int, error) {
|
||||
fmt.Println("BIND ROLE", userID, roleID)
|
||||
return k.binds(userID, "member", roleID)
|
||||
}
|
||||
|
||||
@@ -324,9 +331,6 @@ func (k KetoConnector) UnBindPermission(roleID string, permID string, relation s
|
||||
}
|
||||
func (k KetoConnector) createRelationShip(object string, relation string, subject string, subPerm *Permission) (*Permission, int, error) {
|
||||
exist, err := k.get(object, relation, subject)
|
||||
if strings.Contains(subject, "/workflow/:id") {
|
||||
fmt.Println("subject", subject, relation, exist, err)
|
||||
}
|
||||
if err == nil && len(exist) > 0 {
|
||||
return nil, 409, errors.New("Relation already exist")
|
||||
}
|
||||
@@ -338,7 +342,7 @@ func (k KetoConnector) createRelationShip(object string, relation string, subjec
|
||||
if err != nil {
|
||||
return nil, code, err
|
||||
}
|
||||
body["subject_set"] = map[string]interface{}{"namespace": s.Namespace(), "object": s.Object, "relation": s.Relation, "subject_id": s.Subject}
|
||||
body["subject_set"] = map[string]interface{}{"namespace": k.namespace(), "object": s.Object, "relation": s.Relation, "subject_id": s.Subject}
|
||||
}
|
||||
host := conf.GetConfig().PermissionConnectorHost
|
||||
port := fmt.Sprintf("%v", conf.GetConfig().PermissionConnectorAdminPort)
|
||||
|
||||
@@ -23,6 +23,7 @@ func (k Permission) Scope() string {
|
||||
|
||||
type PermConnector interface {
|
||||
Status() tools.State
|
||||
SetClient(scope string)
|
||||
CheckPermission(perm Permission, permDependancies *Permission, internal bool) bool
|
||||
BindRole(userID string, roleID string) (string, int, error)
|
||||
BindGroup(userID string, groupID string) (string, int, error)
|
||||
@@ -53,6 +54,6 @@ var c = map[string]PermConnector{
|
||||
"keto": KetoConnector{},
|
||||
}
|
||||
|
||||
func GetPermissionConnector() PermConnector {
|
||||
func GetPermissionConnector(scope string) PermConnector {
|
||||
return c[conf.GetConfig().PermissionConnectorHost]
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user