
Commit 79a8b8f

committed
initial implementation
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
1 parent d7ab790 commit 79a8b8f


13 files changed

+301
-409
lines changed


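--- a/channels/middleware/authorization.go
+++ b/channels/middleware/authorization.go
@@ -20,7 +20,6 @@ import (
 "github.com/absmach/supermq/pkg/policies"
 "github.com/absmach/supermq/pkg/roles"
 rmMW "github.com/absmach/supermq/pkg/roles/rolemanager/middleware"
-"github.com/absmach/supermq/pkg/svcutil"
 )
 
 var (
@@ -59,7 +58,8 @@ func AuthorizationMiddleware(
 svc channels.Service,
 repo channels.Repository,
 authz smqauthz.Authorization,
-channelsOpPerm, rolesOpPerm map[channels.Operation]channels.Permission,
+channelsOpPerm map[channels.Operation]channels.Permission,
+rolesOpPerm map[roles.Operation]roles.Permission,
 extOpPerm map[channels.ExternalOperation]channels.Permission,
 callout callout.Callout,
 ) (channels.Service, error) {
@@ -79,12 +79,7 @@ func AuthorizationMiddleware(
 return nil, err
 }
 
-res := make(map[svcutil.Operation]svcutil.Permission, len(rolesOpPerm))
-for op, perm := range rolesOpPerm {
-res[svcutil.Operation(op)] = svcutil.Permission(perm)
-}
-
-ram, err := rmMW.NewRoleManagerAuthorizationMiddleware(policies.ChannelType, svc, authz, res)
+ram, err := rmMW.NewRoleManagerAuthorizationMiddleware(policies.ChannelType, svc, authz, rolesOpPerm)
 if err != nil {
 return nil, err
 }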
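Review bot: `rolesOpPerm` is now passed straight to `rmMW.NewRoleManagerAuthorizationMiddleware` in the last hunk, and nothing in the lines shown checks that the table covers every `roles.Operation`. Whether a missing entry is rejected at construction or only surfaces when a request is authorized depends on that constructor, which is not visible in this commit view. I would state the contract on the parameter, e.g. `// rolesOpPerm must contain an entry for every roles.Operation.`, and add a unit test that builds the middleware with one operation removed and expects an error. The same applies to the matching hunks in clients/middleware/authorization.go, domains/middleware/authorization.go and groups/middleware/authorization.go. The body of AuthorizationMiddleware starts and ends outside the hunks shown.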

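--- a/channels/roleoperations.go
+++ b/channels/roleoperations.go
@@ -3,6 +3,8 @@
 
 package channels
 
+import "github.com/absmach/supermq/pkg/roles"
+
 // Internal Operations
 
 const (
@@ -117,41 +119,23 @@ func NewOperationPermissionMap() map[Operation]Permission {
 return opPerm
 }
 
-const (
-OpAddRole Operation = iota
-OpRemoveRole
-OpUpdateRoleName
-OpRetrieveRole
-OpRetrieveAllRoles
-OpRoleAddActions
-OpRoleListActions
-OpRoleCheckActionsExists
-OpRoleRemoveActions
-OpRoleRemoveAllActions
-OpRoleAddMembers
-OpRoleListMembers
-OpRoleCheckMembersExists
-OpRoleRemoveMembers
-OpRoleRemoveAllMembers
-)
-
-func NewRolesOperationPermissionMap() map[Operation]Permission {
-opPerm := map[Operation]Permission{
-OpAddRole: manageRolePermission,
-OpRemoveRole: manageRolePermission,
-OpUpdateRoleName: manageRolePermission,
-OpRetrieveRole: manageRolePermission,
-OpRetrieveAllRoles: manageRolePermission,
-OpRoleAddActions: manageRolePermission,
-OpRoleListActions: manageRolePermission,
-OpRoleCheckActionsExists: manageRolePermission,
-OpRoleRemoveActions: manageRolePermission,
-OpRoleRemoveAllActions: manageRolePermission,
-OpRoleAddMembers: addRoleUsersPermission,
-OpRoleListMembers: viewRoleUsersPermission,
-OpRoleCheckMembersExists: viewRoleUsersPermission,
-OpRoleRemoveMembers: removeRoleUsersPermission,
-OpRoleRemoveAllMembers: manageRolePermission,
+func NewRolesOperationPermissionMap() map[roles.Operation]roles.Permission {
+opPerm := map[roles.Operation]roles.Permission{
+roles.OpAddRole: manageRolePermission,
+roles.OpRemoveRole: manageRolePermission,
+roles.OpUpdateRoleName: manageRolePermission,
+roles.OpRetrieveRole: manageRolePermission,
+roles.OpRetrieveAllRoles: manageRolePermission,
+roles.OpRoleAddActions: manageRolePermission,
+roles.OpRoleListActions: manageRolePermission,
+roles.OpRoleCheckActionsExists: manageRolePermission,
+roles.OpRoleRemoveActions: manageRolePermission,
+roles.OpRoleRemoveAllActions: manageRolePermission,
+roles.OpRoleAddMembers: addRoleUsersPermission,
+roles.OpRoleListMembers: viewRoleUsersPermission,
+roles.OpRoleCheckMembersExists: viewRoleUsersPermission,
+roles.OpRoleRemoveMembers: removeRoleUsersPermission,
+roles.OpRoleRemoveAllMembers: manageRolePermission,
 }
 return opPerm
 }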
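Review bot: `NewRolesOperationPermissionMap` is exported but has no doc comment, and the same fifteen-entry table is still repeated in clients/roleoperations.go, domains/roleoperations.go and groups/roleoperations.go. An operation added to `roles` later has to be mapped in four places, and a copy that is missed may leave that operation without a permission in one service. A doc comment such as `// NewRolesOperationPermissionMap returns the permission required for each roles.Operation on channels; every roles.Operation must have an entry.` would state the contract. The read-only operations (`roles.OpRetrieveRole`, `roles.OpRetrieveAllRoles`, `roles.OpRoleListActions`, `roles.OpRoleCheckActionsExists`) require `manageRolePermission` while member listing uses `viewRoleUsersPermission`; this is carried over unchanged from the old table, but a one-line comment saying it is intentional would help the next reviewer of this authorization mapping.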

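--- a/clients/middleware/authorization.go
+++ b/clients/middleware/authorization.go
@@ -18,7 +18,6 @@ import (
 "github.com/absmach/supermq/pkg/policies"
 "github.com/absmach/supermq/pkg/roles"
 rmMW "github.com/absmach/supermq/pkg/roles/rolemanager/middleware"
-"github.com/absmach/supermq/pkg/svcutil"
 )
 
 var (
@@ -54,7 +53,8 @@ func AuthorizationMiddleware(
 svc clients.Service,
 authz smqauthz.Authorization,
 repo clients.Repository,
-thingsOpPerm, rolesOpPerm map[clients.Operation]clients.Permission,
+thingsOpPerm map[clients.Operation]clients.Permission,
+rolesOpPerm map[roles.Operation]roles.Permission,
 extOpPerm map[clients.ExternalOperation]clients.Permission,
 callout callout.Callout,
 ) (clients.Service, error) {
@@ -66,12 +66,7 @@ func AuthorizationMiddleware(
 return nil, err
 }
 
-res := make(map[svcutil.Operation]svcutil.Permission, len(rolesOpPerm))
-for op, perm := range rolesOpPerm {
-res[svcutil.Operation(op)] = svcutil.Permission(perm)
-}
-
-ram, err := rmMW.NewRoleManagerAuthorizationMiddleware(policies.ClientType, svc, authz, res)
+ram, err := rmMW.NewRoleManagerAuthorizationMiddleware(policies.ClientType, svc, authz, rolesOpPerm)
 if err != nil {
 return nil, err
 }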

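--- a/clients/roleoperations.go
+++ b/clients/roleoperations.go
@@ -3,6 +3,8 @@
 
 package clients
 
+import "github.com/absmach/supermq/pkg/roles"
+
 // Internal Operations.
 const (
 OpViewClient Operation = iota
@@ -120,41 +122,23 @@ func NewOperationPermissionMap() map[Operation]Permission {
 return opPerm
 }
 
-const (
-OpAddRole Operation = iota
-OpRemoveRole
-OpUpdateRoleName
-OpRetrieveRole
-OpRetrieveAllRoles
-OpRoleAddActions
-OpRoleListActions
-OpRoleCheckActionsExists
-OpRoleRemoveActions
-OpRoleRemoveAllActions
-OpRoleAddMembers
-OpRoleListMembers
-OpRoleCheckMembersExists
-OpRoleRemoveMembers
-OpRoleRemoveAllMembers
-)
-
-func NewRolesOperationPermissionMap() map[Operation]Permission {
-opPerm := map[Operation]Permission{
-OpAddRole: manageRolePermission,
-OpRemoveRole: manageRolePermission,
-OpUpdateRoleName: manageRolePermission,
-OpRetrieveRole: manageRolePermission,
-OpRetrieveAllRoles: manageRolePermission,
-OpRoleAddActions: manageRolePermission,
-OpRoleListActions: manageRolePermission,
-OpRoleCheckActionsExists: manageRolePermission,
-OpRoleRemoveActions: manageRolePermission,
-OpRoleRemoveAllActions: manageRolePermission,
-OpRoleAddMembers: addRoleUsersPermission,
-OpRoleListMembers: viewRoleUsersPermission,
-OpRoleCheckMembersExists: viewRoleUsersPermission,
-OpRoleRemoveMembers: removeRoleUsersPermission,
-OpRoleRemoveAllMembers: manageRolePermission,
+func NewRolesOperationPermissionMap() map[roles.Operation]roles.Permission {
+opPerm := map[roles.Operation]roles.Permission{
+roles.OpAddRole: manageRolePermission,
+roles.OpRemoveRole: manageRolePermission,
+roles.OpUpdateRoleName: manageRolePermission,
+roles.OpRetrieveRole: manageRolePermission,
+roles.OpRetrieveAllRoles: manageRolePermission,
+roles.OpRoleAddActions: manageRolePermission,
+roles.OpRoleListActions: manageRolePermission,
+roles.OpRoleCheckActionsExists: manageRolePermission,
+roles.OpRoleRemoveActions: manageRolePermission,
+roles.OpRoleRemoveAllActions: manageRolePermission,
+roles.OpRoleAddMembers: addRoleUsersPermission,
+roles.OpRoleListMembers: viewRoleUsersPermission,
+roles.OpRoleCheckMembersExists: viewRoleUsersPermission,
+roles.OpRoleRemoveMembers: removeRoleUsersPermission,
+roles.OpRoleRemoveAllMembers: manageRolePermission,
 }
 return opPerm
 }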

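--- a/domains/middleware/authorization.go
+++ b/domains/middleware/authorization.go
@@ -19,7 +19,6 @@ import (
 "github.com/absmach/supermq/pkg/policies"
 "github.com/absmach/supermq/pkg/roles"
 rmMW "github.com/absmach/supermq/pkg/roles/rolemanager/middleware"
-"github.com/absmach/supermq/pkg/svcutil"
 )
 
 var _ domains.Service = (*authorizationMiddleware)(nil)
@@ -36,7 +35,7 @@ type authorizationMiddleware struct {
 }
 
 // AuthorizationMiddleware adds authorization to the clients service.
-func AuthorizationMiddleware(entityType string, svc domains.Service, authz smqauthz.Authorization, domainsOpPerm, rolesOpPerm map[domains.Operation]domains.Permission, callout callout.Callout) (domains.Service, error) {
+func AuthorizationMiddleware(entityType string, svc domains.Service, authz smqauthz.Authorization, domainsOpPerm map[domains.Operation]domains.Permission,rolesOpPerm map[roles.Operation]roles.Permission, callout callout.Callout) (domains.Service, error) {
 opp := domains.NewOperationPerm()
 if err := opp.AddOperationPermissionMap(domainsOpPerm); err != nil {
 return nil, err
@@ -45,12 +44,7 @@ func AuthorizationMiddleware(entityType string, svc domains.Service, authz smqau
 return nil, err
 }
 
-res := make(map[svcutil.Operation]svcutil.Permission, len(rolesOpPerm))
-for op, perm := range rolesOpPerm {
-res[svcutil.Operation(op)] = svcutil.Permission(perm)
-}
-
-ram, err := rmMW.NewRoleManagerAuthorizationMiddleware(entityType, svc, authz, res)
+ram, err := rmMW.NewRoleManagerAuthorizationMiddleware(entityType, svc, authz, rolesOpPerm)
 if err != nil {
 return nil, err
 }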
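Review bot: The rewritten signature in the second hunk is not gofmt-clean: there is no space after the comma in `domains.Permission,rolesOpPerm`. The line is also very long now, so I would put one parameter per line as the channels, clients and groups middleware do, with `domainsOpPerm map[domains.Operation]domains.Permission,` and `rolesOpPerm map[roles.Operation]roles.Permission,` on separate lines. The doc comment directly above still reads "adds authorization to the clients service" although this is the domains package; `// AuthorizationMiddleware adds authorization to the domains service.` would be correct. The function body continues outside the hunks shown.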

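--- a/domains/roleoperations.go
+++ b/domains/roleoperations.go
@@ -3,6 +3,8 @@
 
 package domains
 
+import "github.com/absmach/supermq/pkg/roles"
+
 const (
 OpUpdateDomain Operation = iota
 OpRetrieveDomain
@@ -76,41 +78,23 @@ func NewOperationPermissionMap() map[Operation]Permission {
 return opPerm
 }
 
-const (
-OpAddRole Operation = iota
-OpRemoveRole
-OpUpdateRoleName
-OpRetrieveRole
-OpRetrieveAllRoles
-OpRoleAddActions
-OpRoleListActions
-OpRoleCheckActionsExists
-OpRoleRemoveActions
-OpRoleRemoveAllActions
-OpRoleAddMembers
-OpRoleListMembers
-OpRoleCheckMembersExists
-OpRoleRemoveMembers
-OpRoleRemoveAllMembers
-)
-
-func NewRolesOperationPermissionMap() map[Operation]Permission {
-opPerm := map[Operation]Permission{
-OpAddRole: manageRolePermission,
-OpRemoveRole: manageRolePermission,
-OpUpdateRoleName: manageRolePermission,
-OpRetrieveRole: manageRolePermission,
-OpRetrieveAllRoles: manageRolePermission,
-OpRoleAddActions: manageRolePermission,
-OpRoleListActions: manageRolePermission,
-OpRoleCheckActionsExists: manageRolePermission,
-OpRoleRemoveActions: manageRolePermission,
-OpRoleRemoveAllActions: manageRolePermission,
-OpRoleAddMembers: addRoleUsersPermission,
-OpRoleListMembers: viewRoleUsersPermission,
-OpRoleCheckMembersExists: viewRoleUsersPermission,
-OpRoleRemoveMembers: removeRoleUsersPermission,
-OpRoleRemoveAllMembers: manageRolePermission,
+func NewRolesOperationPermissionMap() map[roles.Operation]roles.Permission {
+opPerm := map[roles.Operation]roles.Permission{
+roles.OpAddRole: manageRolePermission,
+roles.OpRemoveRole: manageRolePermission,
+roles.OpUpdateRoleName: manageRolePermission,
+roles.OpRetrieveRole: manageRolePermission,
+roles.OpRetrieveAllRoles: manageRolePermission,
+roles.OpRoleAddActions: manageRolePermission,
+roles.OpRoleListActions: manageRolePermission,
+roles.OpRoleCheckActionsExists: manageRolePermission,
+roles.OpRoleRemoveActions: manageRolePermission,
+roles.OpRoleRemoveAllActions: manageRolePermission,
+roles.OpRoleAddMembers: addRoleUsersPermission,
+roles.OpRoleListMembers: viewRoleUsersPermission,
+roles.OpRoleCheckMembersExists: viewRoleUsersPermission,
+roles.OpRoleRemoveMembers: removeRoleUsersPermission,
+roles.OpRoleRemoveAllMembers: manageRolePermission,
 }
 return opPerm
 }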

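--- a/groups/middleware/authorization.go
+++ b/groups/middleware/authorization.go
@@ -19,7 +19,6 @@ import (
 "github.com/absmach/supermq/pkg/policies"
 "github.com/absmach/supermq/pkg/roles"
 rmMW "github.com/absmach/supermq/pkg/roles/rolemanager/middleware"
-"github.com/absmach/supermq/pkg/svcutil"
 )
 
 var (
@@ -59,7 +58,8 @@ func AuthorizationMiddleware(entityType string,
 svc groups.Service,
 repo groups.Repository,
 authz smqauthz.Authorization,
-groupsOpPerm, rolesOpPerm map[groups.Operation]groups.Permission,
+groupsOpPerm map[groups.Operation]groups.Permission,
+rolesOpPerm map[roles.Operation]roles.Permission,
 extOpPerm map[groups.ExternalOperation]groups.Permission,
 callout callout.Callout,
 ) (groups.Service, error) {
@@ -79,12 +79,7 @@ func AuthorizationMiddleware(entityType string,
 return nil, err
 }
 
-res := make(map[svcutil.Operation]svcutil.Permission, len(rolesOpPerm))
-for op, perm := range rolesOpPerm {
-res[svcutil.Operation(op)] = svcutil.Permission(perm)
-}
-
-ram, err := rmMW.NewRoleManagerAuthorizationMiddleware(entityType, svc, authz, res)
+ram, err := rmMW.NewRoleManagerAuthorizationMiddleware(entityType, svc, authz, rolesOpPerm)
 if err != nil {
 return nil, err
 }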

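--- a/groups/roleoperations.go
+++ b/groups/roleoperations.go
@@ -3,6 +3,8 @@
 
 package groups
 
+import "github.com/absmach/supermq/pkg/roles"
+
 // Internal Operations.
 const (
 OpViewGroup Operation = iota
@@ -125,41 +127,23 @@ func NewOperationPermissionMap() map[Operation]Permission {
 return opPerm
 }
 
-const (
-OpAddRole Operation = iota
-OpRemoveRole
-OpUpdateRoleName
-OpRetrieveRole
-OpRetrieveAllRoles
-OpRoleAddActions
-OpRoleListActions
-OpRoleCheckActionsExists
-OpRoleRemoveActions
-OpRoleRemoveAllActions
-OpRoleAddMembers
-OpRoleListMembers
-OpRoleCheckMembersExists
-OpRoleRemoveMembers
-OpRoleRemoveAllMembers
-)
-
-func NewRolesOperationPermissionMap() map[Operation]Permission {
-opPerm := map[Operation]Permission{
-OpAddRole: manageRolePermission,
-OpRemoveRole: manageRolePermission,
-OpUpdateRoleName: manageRolePermission,
-OpRetrieveRole: manageRolePermission,
-OpRetrieveAllRoles: manageRolePermission,
-OpRoleAddActions: manageRolePermission,
-OpRoleListActions: manageRolePermission,
-OpRoleCheckActionsExists: manageRolePermission,
-OpRoleRemoveActions: manageRolePermission,
-OpRoleRemoveAllActions: manageRolePermission,
-OpRoleAddMembers: addRoleUsersPermission,
-OpRoleListMembers: viewRoleUsersPermission,
-OpRoleCheckMembersExists: viewRoleUsersPermission,
-OpRoleRemoveMembers: removeRoleUsersPermission,
-OpRoleRemoveAllMembers: manageRolePermission,
+func NewRolesOperationPermissionMap() map[roles.Operation]roles.Permission {
+opPerm := map[roles.Operation]roles.Permission{
+roles.OpAddRole: manageRolePermission,
+roles.OpRemoveRole: manageRolePermission,
+roles.OpUpdateRoleName: manageRolePermission,
+roles.OpRetrieveRole: manageRolePermission,
+roles.OpRetrieveAllRoles: manageRolePermission,
+roles.OpRoleAddActions: manageRolePermission,
+roles.OpRoleListActions: manageRolePermission,
+roles.OpRoleCheckActionsExists: manageRolePermission,
+roles.OpRoleRemoveActions: manageRolePermission,
+roles.OpRoleRemoveAllActions: manageRolePermission,
+roles.OpRoleAddMembers: addRoleUsersPermission,
+roles.OpRoleListMembers: viewRoleUsersPermission,
+roles.OpRoleCheckMembersExists: viewRoleUsersPermission,
+roles.OpRoleRemoveMembers: removeRoleUsersPermission,
+roles.OpRoleRemoveAllMembers: manageRolePermission,
 }
 return opPerm
 }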
