From 31d0e8c4529339a6626c9ff03a65972bf407dd89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Du=C5=A1an=20Borov=C4=8Danin?= Date: Wed, 22 May 2024 20:02:15 +0200 Subject: [PATCH] NOISSUE - Move default permission filters from Auth API to service (#2252) Signed-off-by: Dusan Borovcanin --- auth/api/grpc/server.go | 52 +-------------------------------------- auth/service.go | 54 ++++++++++++++++++++++++++++++++++++++--- 2 files changed, 52 insertions(+), 54 deletions(-) diff --git a/auth/api/grpc/server.go b/auth/api/grpc/server.go index d131ecdef5..fb23f7bf73 100644 --- a/auth/api/grpc/server.go +++ b/auth/api/grpc/server.go @@ -18,39 +18,6 @@ import ( var _ magistrala.AuthServiceServer = (*grpcServer)(nil) -var ( - defThingsFilterPermissions = []string{ - auth.AdminPermission, - auth.DeletePermission, - auth.EditPermission, - auth.ViewPermission, - auth.SharePermission, - auth.PublishPermission, - auth.SubscribePermission, - } - - defGroupsFilterPermissions = []string{ - auth.AdminPermission, - auth.DeletePermission, - auth.EditPermission, - auth.ViewPermission, - auth.MembershipPermission, - auth.SharePermission, - } - - defDomainsFilterPermissions = []string{ - auth.AdminPermission, - auth.EditPermission, - auth.ViewPermission, - auth.MembershipPermission, - auth.SharePermission, - } - defPlatformFilterPermissions = []string{ - auth.AdminPermission, - auth.MembershipPermission, - } -) - type grpcServer struct { magistrala.UnimplementedAuthServiceServer issue kitgrpc.Handler 
@@ -488,23 +455,6 @@ func encodeCountSubjectsResponse(_ context.Context, grpcRes interface{}) (interf

 func decodeListPermissionsRequest(_ context.Context, grpcReq interface{}) (interface{}, error) {
 req := grpcReq.(*magistrala.ListPermissionsReq)
- var fp []string
-
- switch req.GetObjectType() {
- case auth.ThingType:
- fp = defThingsFilterPermissions
- case auth.GroupType:
- fp = defGroupsFilterPermissions
- case auth.PlatformType:
- fp = defPlatformFilterPermissions
- case auth.DomainType:
- fp = defDomainsFilterPermissions
- default:
- return nil, apiutil.ErrMalformedPolicy
- }
- if len(req.GetFilterPermissions()) > 0 {
- fp = req.GetFilterPermissions()
- }
 return listPermissionsReq{
 Domain: req.GetDomain(),
 SubjectType: req.GetSubjectType(),
@@ -512,7 +462,7 @@ func decodeListPermissionsRequest(_ context.Context, grpcReq interface{}) (inter
 SubjectRelation: req.GetSubjectRelation(),
 ObjectType: req.GetObjectType(),
 Object: req.GetObject(),
- FilterPermissions: fp,
+ FilterPermissions: req.GetFilterPermissions(),
 }, nil
 }

diff --git a/auth/service.go b/auth/service.go
index bff4500a8d..cbb5e426a2 100644
--- a/auth/service.go
+++ b/auth/service.go
@@ -34,7 +34,41 @@ var (
 errRemovePolicyEngine = errors.New("failed to remove from policy engine")
 )

-// Authn specifies an API that must be fullfiled by the domain service
+var (
+ defThingsFilterPermissions = []string{
+ AdminPermission,
+ DeletePermission,
+ EditPermission,
+ ViewPermission,
+ SharePermission,
+ PublishPermission,
+ SubscribePermission,
+ }
+
+ defGroupsFilterPermissions = []string{
+ AdminPermission,
+ DeletePermission,
+ EditPermission,
+ ViewPermission,
+ MembershipPermission,
+ SharePermission,
+ }
+
+ defDomainsFilterPermissions = []string{
+ AdminPermission,
+ EditPermission,
+ ViewPermission,
+ MembershipPermission,
+ SharePermission,
+ }
+
+ defPlatformFilterPermissions = []string{
+ AdminPermission,
+ MembershipPermission,
+ }
+)
+
+// Authn specifies an API that must be fulfilled by the domain service
 // implementation, and all of its decorators (e.g. logging & metrics).
 // Token is a string value of the actual Key and is used to authenticate
 // an Auth service request.
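Review bot: The four default filter slices added here are package-level `[]string` variables that ListPermissions (next hunk of this file) assigns directly to `permissionsFilter` and passes to `svc.agent.RetrievePermissions`, so a callee that appends to or sorts its argument would change the defaults for every later request. Whether the agent mutates the slice is not visible in this patch; if that cannot be ruled out, hand out a copy, e.g. `permissionsFilter = append([]string(nil), defThingsFilterPermissions...)`. The block also carries no comment; something like `// Default permissions checked by ListPermissions, per object type, when the caller supplies no filter.` would record that these lists decide which permissions are evaluated by default.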
@@ -348,8 +382,22 @@ func (svc service) CountSubjects(ctx context.Context, pr PolicyReq) (uint64, err
 return svc.agent.RetrieveAllSubjectsCount(ctx, pr)
 }

-func (svc service) ListPermissions(ctx context.Context, pr PolicyReq, filterPermisions []string) (Permissions, error) {
- pers, err := svc.agent.RetrievePermissions(ctx, pr, filterPermisions)
+func (svc service) ListPermissions(ctx context.Context, pr PolicyReq, permissionsFilter []string) (Permissions, error) {
+ if len(permissionsFilter) == 0 {
+ switch pr.ObjectType {
+ case ThingType:
+ permissionsFilter = defThingsFilterPermissions
+ case GroupType:
+ permissionsFilter = defGroupsFilterPermissions
+ case PlatformType:
+ permissionsFilter = defPlatformFilterPermissions
+ case DomainType:
+ permissionsFilter = defDomainsFilterPermissions
+ default:
+ return nil, svcerr.ErrMalformedEntity
+ }
+ }
+ pers, err := svc.agent.RetrievePermissions(ctx, pr, permissionsFilter)
 if err != nil {
 return []string{}, errors.Wrap(svcerr.ErrViewEntity, err)
 }
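Review bot: The object-type check in ListPermissions now runs only when `permissionsFilter` is empty, so a caller that supplies any filter reaches `svc.agent.RetrievePermissions` with an unvalidated `pr.ObjectType`. The decoder code this commit removes from auth/api/grpc/server.go ran its `switch` first and rejected unknown types before the caller's filter was applied. Unless the type is validated somewhere not visible here, hoist the switch out of the `if` so the `default:` branch always rejects, and fall back to the defaults only when the filter is empty. The new early return also yields `nil` where the error path just below returns `[]string{}`; one convention would be cleaner. The function body continues past the end of the hunk.

```go
func (svc service) ListPermissions(ctx context.Context, pr PolicyReq, permissionsFilter []string) (Permissions, error) {
	// Validate the object type on every call, not only when defaults are needed.
	var defaults []string
	switch pr.ObjectType {
	case ThingType:
		defaults = defThingsFilterPermissions
	case GroupType:
		defaults = defGroupsFilterPermissions
	case PlatformType:
		defaults = defPlatformFilterPermissions
	case DomainType:
		defaults = defDomainsFilterPermissions
	default:
		return nil, svcerr.ErrMalformedEntity
	}
	if len(permissionsFilter) == 0 {
		permissionsFilter = defaults
	}
	pers, err := svc.agent.RetrievePermissions(ctx, pr, permissionsFilter)
	// … unchanged: error wrapping and the rest of the body …
```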