apps/core
1
0
Fork 0
mirror of https://github.com/datarhei/core.git synced 2025-10-05 16:07:07 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
2f932be97deb5bd16d8cde30e1e43681036d3e2d
core/cluster/store/policy.go
Ingo Oppermann 54b1fe8e86 Dump casbin, replace with own policy enforcer
2024-07-23 15:54:09 +02:00

90 lines
1.7 KiB
Go
Raw Blame History

package store
import (
"fmt"
"time"
"github.com/datarhei/core/v16/iam/policy"
)
func (s *store) setPolicies(cmd CommandSetPolicies) error {
s.lock.Lock()
defer s.lock.Unlock()
now := time.Now()
if cmd.Name != "$anon" {
user, err := s.data.Users.userlist.Get(cmd.Name)
if err != nil {
return fmt.Errorf("unknown identity %s%w", cmd.Name, ErrNotFound)
}
u, ok := s.data.Users.Users[user.Name]
if !ok {
return fmt.Errorf("unknown identity %s%w", cmd.Name, ErrNotFound)
}
u.UpdatedAt = now
s.data.Users.Users[user.Name] = u
}
for i, p := range cmd.Policies {
p = s.updatePolicy(p)
if len(p.Domain) == 0 {
p.Domain = "$none"
}
cmd.Policies[i] = p
}
delete(s.data.Policies.Policies, cmd.Name)
s.data.Policies.Policies[cmd.Name] = cmd.Policies
s.data.Policies.UpdatedAt = now
return nil
}
func (s *store) IAMPolicyList() Policies {
s.lock.RLock()
defer s.lock.RUnlock()
p := Policies{
UpdatedAt: s.data.Policies.UpdatedAt,
}
for _, policies := range s.data.Policies.Policies {
p.Policies = append(p.Policies, policies...)
}
return p
}
func (s *store) IAMIdentityPolicyList(name string) Policies {
s.lock.RLock()
defer s.lock.RUnlock()
p := Policies{
UpdatedAt: s.data.Policies.UpdatedAt,
}
user, err := s.data.Users.userlist.Get(name)
if err != nil {
return p
}
p.UpdatedAt = user.UpdatedAt
p.Policies = append(p.Policies, s.data.Policies.Policies[user.Name]...)
return p
}
// updatePolicy updates a policy such that the resource type is split off the resource
func (s *store) updatePolicy(p policy.Policy) policy.Policy {
if len(p.Types) == 0 {
p.Types, p.Resource = policy.DecodeResource(p.Resource)
}
return p
}
Reference in New Issue View Git Blame Copy Permalink