NOISSUE - Move default permission filters from Auth API to service (a…
…bsmach#2252)

Signed-off-by: Dusan Borovcanin <[email protected]>
dborovcanin authored May 22, 2024
1 parent 42be65a commit 31d0e8c
Showing 2 changed files with 52 additions and 54 deletions.
52 changes: 1 addition & 51 deletions auth/api/grpc/server.go
Expand Up @@ -18,39 +18,6 @@ import (

var _ magistrala.AuthServiceServer = (*grpcServer)(nil)

var (
defThingsFilterPermissions = []string{
auth.AdminPermission,
auth.DeletePermission,
auth.EditPermission,
auth.ViewPermission,
auth.SharePermission,
auth.PublishPermission,
auth.SubscribePermission,
}

defGroupsFilterPermissions = []string{
auth.AdminPermission,
auth.DeletePermission,
auth.EditPermission,
auth.ViewPermission,
auth.MembershipPermission,
auth.SharePermission,
}

defDomainsFilterPermissions = []string{
auth.AdminPermission,
auth.EditPermission,
auth.ViewPermission,
auth.MembershipPermission,
auth.SharePermission,
}
defPlatformFilterPermissions = []string{
auth.AdminPermission,
auth.MembershipPermission,
}
)

type grpcServer struct {
magistrala.UnimplementedAuthServiceServer
issue kitgrpc.Handler
Expand Down Expand Up @@ -488,31 +455,14 @@ func encodeCountSubjectsResponse(_ context.Context, grpcRes interface{}) (interf

func decodeListPermissionsRequest(_ context.Context, grpcReq interface{}) (interface{}, error) {
req := grpcReq.(*magistrala.ListPermissionsReq)
var fp []string

switch req.GetObjectType() {
case auth.ThingType:
fp = defThingsFilterPermissions
case auth.GroupType:
fp = defGroupsFilterPermissions
case auth.PlatformType:
fp = defPlatformFilterPermissions
case auth.DomainType:
fp = defDomainsFilterPermissions
default:
return nil, apiutil.ErrMalformedPolicy
}
if len(req.GetFilterPermissions()) > 0 {
fp = req.GetFilterPermissions()
}
return listPermissionsReq{
Domain: req.GetDomain(),
SubjectType: req.GetSubjectType(),
Subject: req.GetSubject(),
SubjectRelation: req.GetSubjectRelation(),
ObjectType: req.GetObjectType(),
Object: req.GetObject(),
FilterPermissions: fp,
FilterPermissions: req.GetFilterPermissions(),
}, nil
}

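Review bot: The unknown-object-type rejection leaves `decodeListPermissionsRequest`, so a bad `ObjectType` is no longer answered with `apiutil.ErrMalformedPolicy` at the transport layer. Per the service.go part of this commit it now surfaces as `svcerr.ErrMalformedEntity`, and only when no filter was sent. The gRPC error encoder is not visible in this section, so it is worth confirming that it maps the new sentinel to an invalid-argument status rather than falling through to an internal error, and pinning that with a test. A short doc comment would also help the next reader, e.g. `// decodeListPermissionsRequest forwards FilterPermissions as received; an empty filter is defaulted per object type by the auth service.`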
54 changes: 51 additions & 3 deletions auth/service.go
Expand Up @@ -34,7 +34,41 @@ var (
errRemovePolicyEngine = errors.New("failed to remove from policy engine")
)

// Authn specifies an API that must be fullfiled by the domain service
var (
defThingsFilterPermissions = []string{
AdminPermission,
DeletePermission,
EditPermission,
ViewPermission,
SharePermission,
PublishPermission,
SubscribePermission,
}

defGroupsFilterPermissions = []string{
AdminPermission,
DeletePermission,
EditPermission,
ViewPermission,
MembershipPermission,
SharePermission,
}

defDomainsFilterPermissions = []string{
AdminPermission,
EditPermission,
ViewPermission,
MembershipPermission,
SharePermission,
}

defPlatformFilterPermissions = []string{
AdminPermission,
MembershipPermission,
}
)

// Authn specifies an API that must be fulfilled by the domain service
// implementation, and all of its decorators (e.g. logging & metrics).
// Token is a string value of the actual Key and is used to authenticate
// an Auth service request.
Expand Down Expand Up @@ -348,8 +382,22 @@ func (svc service) CountSubjects(ctx context.Context, pr PolicyReq) (uint64, err
return svc.agent.RetrieveAllSubjectsCount(ctx, pr)
}

func (svc service) ListPermissions(ctx context.Context, pr PolicyReq, filterPermisions []string) (Permissions, error) {
pers, err := svc.agent.RetrievePermissions(ctx, pr, filterPermisions)
func (svc service) ListPermissions(ctx context.Context, pr PolicyReq, permissionsFilter []string) (Permissions, error) {
if len(permissionsFilter) == 0 {
switch pr.ObjectType {
case ThingType:
permissionsFilter = defThingsFilterPermissions
case GroupType:
permissionsFilter = defGroupsFilterPermissions
case PlatformType:
permissionsFilter = defPlatformFilterPermissions
case DomainType:
permissionsFilter = defDomainsFilterPermissions
default:
return nil, svcerr.ErrMalformedEntity
}
}
pers, err := svc.agent.RetrievePermissions(ctx, pr, permissionsFilter)
if err != nil {
return []string{}, errors.Wrap(svcerr.ErrViewEntity, err)
}
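Review bot: In `ListPermissions` the object-type check now sits inside `if len(permissionsFilter) == 0`, so a request that supplies its own filter reaches `svc.agent.RetrievePermissions` with an unvalidated `pr.ObjectType`. The removed decoder ran the switch first and rejected unknown types regardless of the filter. If that rejection was relied on as input validation for this authorization API, run the switch unconditionally and apply the default only when the filter is empty, as sketched below. The defaults are package-level slices handed to the agent by reference, so they should be treated as read-only, or cloned if anything downstream may modify the filter. The function body continues past the end of the hunk.

```go
func (svc service) ListPermissions(ctx context.Context, pr PolicyReq, permissionsFilter []string) (Permissions, error) {
	// Validate the object type on every call, not only when defaulting.
	var defaults []string
	switch pr.ObjectType {
	case ThingType:
		defaults = defThingsFilterPermissions
	case GroupType:
		defaults = defGroupsFilterPermissions
	case PlatformType:
		defaults = defPlatformFilterPermissions
	case DomainType:
		defaults = defDomainsFilterPermissions
	default:
		return nil, svcerr.ErrMalformedEntity
	}
	if len(permissionsFilter) == 0 {
		permissionsFilter = defaults
	}
	// … unchanged: RetrievePermissions call and error wrapping …
```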
