oclib + perms naming
@@ -22,7 +22,7 @@ func (h HydraClaims) generateKey(relation string, path string) (string, error) {
|
||||
return "", err
|
||||
}
|
||||
p := strings.ReplaceAll(strings.ToUpper(path), "/", "_")
|
||||
return strings.ToLower(method.String()) + "_" + strings.ReplaceAll(p, ":", ""), nil
|
||||
return strings.ToUpper(method.String()) + "_" + strings.ReplaceAll(p, ":", ""), nil
|
||||
}
|
||||
|
||||
// decode key expect to extract method and path from key
|
||||
@@ -38,7 +38,7 @@ func (h HydraClaims) decodeKey(key string, external bool) (tools.METHOD, string,
|
||||
if err != nil {
|
||||
return meth, "", err
|
||||
}
|
||||
p := strings.ReplaceAll(strings.ToLower(s[1]), "_", "/")
|
||||
p := strings.ReplaceAll(strings.ToUpper(s[1]), "_", "/")
|
||||
return meth, p, nil
|
||||
}
|
||||
|
||||
|
||||
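Review bot: The key encoding in generateKey is lossy, so distinct routes can map to the same permission key: the path is case-folded with `strings.ToUpper`, every `/` becomes `_`, and `:` is dropped, so `/a/b` and `/a_b` (constructed examples) produce one key. decodeKey cannot undo this, because it turns every `_` back into `/` and, taking the second printed line of each pair as the new side, returns the path upper-cased, so a decoded path will not equal the route it was generated from. If these keys name authorization objects, a collision grants or revokes more than intended; consider an unambiguous encoding (for example escaping `_` before substituting `/`) and a round-trip test for generateKey/decodeKey. Both functions start outside the visible hunks, and the page has lost its `+`/`-` markers, so which line of each pair is new is inferred from print order.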
@@ -6,6 +6,7 @@ import (
|
||||
"fmt"
|
||||
"oc-auth/conf"
|
||||
"oc-auth/infrastructure/utils"
|
||||
"strings"
|
||||
|
||||
oclib "cloud.o-forge.io/core/oc-lib"
|
||||
"cloud.o-forge.io/core/oc-lib/tools"
|
||||
@@ -235,19 +236,25 @@ func (k KetoConnector) BindRole(userID string, roleID string) (string, int, erro
|
||||
func (k KetoConnector) BindPermission(roleID string, permID string, relation string) (*Permission, int, error) {
|
||||
perms, err := k.GetPermission(permID, relation)
|
||||
if err != nil || len(perms) != 1 {
|
||||
if len(perms) == 0 {
|
||||
count := 0
|
||||
for _, p := range perms {
|
||||
if p.Relation == relation {
|
||||
count++
|
||||
}
|
||||
}
|
||||
if count == 0 {
|
||||
return nil, 404, errors.New("Permission not found")
|
||||
} else if len(perms) > 1 {
|
||||
} else if count > 1 {
|
||||
return nil, 409, errors.New("Multiple permission found")
|
||||
}
|
||||
}
|
||||
_, code, err := k.createRelationShip(roleID, perms[0].Relation, permID, nil)
|
||||
_, code, err := k.createRelationShip(roleID, relation, permID, nil)
|
||||
if err != nil {
|
||||
return nil, code, err
|
||||
}
|
||||
return &Permission{
|
||||
Object: roleID,
|
||||
Relation: perms[0].Relation,
|
||||
Relation: relation,
|
||||
Subject: permID,
|
||||
}, 200, nil
|
||||
}
|
||||
@@ -267,9 +274,15 @@ func (k KetoConnector) UnBindPermission(roleID string, permID string, relation s
|
||||
}
|
||||
perms, err := k.GetPermission(permID, meth.String())
|
||||
if err != nil || len(perms) != 1 {
|
||||
if len(perms) == 0 {
|
||||
count := 0
|
||||
for _, p := range perms {
|
||||
if p.Relation == relation {
|
||||
count++
|
||||
}
|
||||
}
|
||||
if count == 0 {
|
||||
return nil, 404, errors.New("Permission not found")
|
||||
} else if len(perms) > 1 {
|
||||
} else if count > 1 {
|
||||
return nil, 409, errors.New("Multiple permission found")
|
||||
}
|
||||
}
|
||||
@@ -285,6 +298,9 @@ func (k KetoConnector) UnBindPermission(roleID string, permID string, relation s
|
||||
}
|
||||
func (k KetoConnector) createRelationShip(object string, relation string, subject string, subPerm *Permission) (*Permission, int, error) {
|
||||
exist, err := k.get(object, relation, subject)
|
||||
if strings.Contains(subject, "/workflow/:id") {
|
||||
fmt.Println("subject", subject, relation, exist, err)
|
||||
}
|
||||
if err == nil && len(exist) > 0 {
|
||||
return nil, 409, errors.New("Relation already exist")
|
||||
}
|
||||
|
||||
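Review bot: In BindPermission the relation match is only enforced inside `if err != nil || len(perms) != 1`: with exactly one result and no error the `p.Relation == relation` count is skipped, and the new code then binds the caller-supplied `relation` where the old line used `perms[0].Relation`. If GetPermission can return entries for other relations (which the added loop suggests), a role could be bound to a relation the permission does not carry; running the count unconditionally, and returning a non-nil `err` on its own instead of folding it into the 404, would close that gap. The UnBindPermission hunk repeats the same guard. Separately, the `fmt.Println` behind `strings.Contains(subject, "/workflow/:id")` in createRelationShip reads as leftover debugging that writes relation tuples to stdout and should be removed or sent through the project's logger.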