OC-AUTH with admin persona
This commit is contained in:
@@ -124,6 +124,8 @@ func (k KetoConnector) CreatePermission(permID string, relation string, internal
|
||||
if err != nil {
|
||||
return "", 422, err
|
||||
}
|
||||
|
||||
k.BindPermission("admin", permID, "permits"+meth.String())
|
||||
p, code, err := k.createRelationShip(permID, "permits"+meth.String(), k.scope(), nil)
|
||||
if err != nil {
|
||||
return "", code, err
|
||||
@@ -145,7 +147,7 @@ func (k KetoConnector) GetRole(roleID string) ([]string, error) {
|
||||
|
||||
func (k KetoConnector) GetRoleByUser(userID string) ([]string, error) {
|
||||
arr := []string{}
|
||||
roles, err := k.get("", "is", userID)
|
||||
roles, err := k.get("", "member", userID)
|
||||
if err != nil {
|
||||
return arr, err
|
||||
}
|
||||
@@ -159,10 +161,9 @@ func (k KetoConnector) GetPermission(permID string, relation string) ([]Permissi
|
||||
meth, err := utils.ExtractMethod(relation, true)
|
||||
if err != nil {
|
||||
p := []Permission{}
|
||||
for _, method := range []tools.METHOD{tools.GET, tools.PUT, tools.POST, tools.DELETE} {
|
||||
fmt.Println("blblbl", permID, "permits"+method.String(), k.scope())
|
||||
for _, method := range []tools.METHOD{tools.GET, tools.PUT, tools.POST, tools.DELETE,
|
||||
tools.STRICT_INTERNAL_DELETE, tools.STRICT_INTERNAL_GET, tools.STRICT_INTERNAL_POST, tools.STRICT_INTERNAL_PUT} {
|
||||
perms, err := k.get(permID, "permits"+method.String(), k.scope())
|
||||
fmt.Println("blblbl2", perms, err)
|
||||
if err == nil && len(perms) > 0 {
|
||||
p = append(p, perms...)
|
||||
}
|
||||
@@ -173,24 +174,35 @@ func (k KetoConnector) GetPermission(permID string, relation string) ([]Permissi
|
||||
}
|
||||
|
||||
func (k KetoConnector) GetPermissionByRole(roleID string) ([]Permission, error) {
|
||||
return k.get("", "", roleID)
|
||||
p := []Permission{}
|
||||
for _, method := range []tools.METHOD{tools.GET, tools.PUT, tools.POST, tools.DELETE,
|
||||
tools.STRICT_INTERNAL_DELETE, tools.STRICT_INTERNAL_GET, tools.STRICT_INTERNAL_POST, tools.STRICT_INTERNAL_PUT} {
|
||||
perms, err := k.get(roleID, "permits"+method.String(), "")
|
||||
if err == nil && len(perms) > 0 {
|
||||
p = append(p, perms...)
|
||||
}
|
||||
}
|
||||
return p, nil
|
||||
}
|
||||
func (k KetoConnector) GetPermissionByUser(userID string) ([]Permission, error) {
|
||||
roles, err := k.get("", "is", userID)
|
||||
perms := []Permission{}
|
||||
func (k KetoConnector) GetPermissionByUser(userID string, internal bool) ([]Permission, error) {
|
||||
roles, err := k.get("", "member", userID)
|
||||
if err != nil {
|
||||
return perms, err
|
||||
return nil, err
|
||||
}
|
||||
p := []Permission{}
|
||||
meths := []tools.METHOD{tools.GET, tools.PUT, tools.POST, tools.DELETE}
|
||||
if internal {
|
||||
meths = append(meths, []tools.METHOD{tools.STRICT_INTERNAL_DELETE, tools.STRICT_INTERNAL_GET, tools.STRICT_INTERNAL_POST, tools.STRICT_INTERNAL_PUT}...)
|
||||
}
|
||||
for _, role := range roles {
|
||||
p, err := k.get(role.Object, "", k.scope())
|
||||
if err != nil {
|
||||
log := oclib.GetLogger()
|
||||
log.Error().Msg(err.Error())
|
||||
continue
|
||||
for _, method := range meths {
|
||||
perms, err := k.get(role.Object, "permits"+method.String(), "")
|
||||
if err == nil && len(perms) > 0 {
|
||||
p = append(p, perms...)
|
||||
}
|
||||
}
|
||||
perms = append(perms, p...)
|
||||
}
|
||||
return perms, nil
|
||||
return p, nil
|
||||
}
|
||||
|
||||
func (k KetoConnector) get(object string, relation string, subject string) ([]Permission, error) {
|
||||
@@ -229,11 +241,7 @@ func (k KetoConnector) BindRole(userID string, roleID string) (string, int, erro
|
||||
}
|
||||
|
||||
func (k KetoConnector) BindPermission(roleID string, permID string, relation string) (*Permission, int, error) {
|
||||
meth, err := utils.ExtractMethod(relation, false)
|
||||
if err != nil {
|
||||
return nil, 422, err
|
||||
}
|
||||
perms, err := k.GetPermission(permID, meth.String())
|
||||
perms, err := k.GetPermission(permID, relation)
|
||||
if err != nil || len(perms) != 1 {
|
||||
if len(perms) == 0 {
|
||||
return nil, 404, errors.New("Permission not found")
|
||||
@@ -338,9 +346,7 @@ func (k KetoConnector) deleteRelationShip(object string, relation string, subjec
|
||||
n := k.permToQuery(Permission{Object: object, Relation: relation, Subject: subject}, subPerm)
|
||||
host := conf.GetConfig().PermissionConnectorHost
|
||||
port := fmt.Sprintf("%v", conf.GetConfig().PermissionConnectorAdminPort)
|
||||
fmt.Println(host, port, n)
|
||||
b, err := caller.CallDelete("http://"+host+":"+port, "/relation-tuples"+n)
|
||||
fmt.Println(b, err)
|
||||
if err != nil {
|
||||
log := oclib.GetLogger()
|
||||
log.Error().Msg(err.Error())
|
||||
|
||||
@@ -37,7 +37,7 @@ type PermConnector interface {
|
||||
|
||||
GetRoleByUser(userID string) ([]string, error)
|
||||
GetPermissionByRole(roleID string) ([]Permission, error)
|
||||
GetPermissionByUser(userID string) ([]Permission, error)
|
||||
GetPermissionByUser(userID string, internal bool) ([]Permission, error)
|
||||
|
||||
GetRole(roleID string) ([]string, error)
|
||||
GetPermission(permID string, relation string) ([]Permission, error)
|
||||
|
||||
Reference in New Issue
Block a user