
Commit fa4e023

committed
update roles method
Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
1 parent 6b6d2b3 commit fa4e023


2 files changed

+23
-72
lines changed


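--- a/pkg/roles/operationperm.go
+++ b/pkg/roles/operationperm.go
@@ -23,6 +23,7 @@ const (
 OpRoleCheckMembersExists
 OpRoleRemoveMembers
 OpRoleRemoveAllMembers
+OpListAvailableActions
 )
 
 var expectedOperations = []Operation{
@@ -41,6 +42,7 @@ var expectedOperations = []Operation{
 OpRoleCheckMembersExists,
 OpRoleRemoveMembers,
 OpRoleRemoveAllMembers,
+OpListAvailableActions,
 }
 
 const (
@@ -59,6 +61,7 @@ const (
 OpRoleCheckMembersExistsStr = "OpRoleCheckMembersExists"
 OpRoleRemoveMembersStr = "OpRoleRemoveMembers"
 OpRoleRemoveAllMembersStr = "OpRoleRemoveAllMembers"
+OpListAvailableActionsStr = "OpListAvailableActions"
 )
 
 func (op Operation) String() string {
@@ -93,6 +96,8 @@ func (op Operation) String() string {
 return OpRoleRemoveMembersStr
 case OpRoleRemoveAllMembers:
 return OpRoleRemoveAllMembersStr
+case OpListAvailableActions:
+return OpListAvailableActionsStr
 default:
 return fmt.Sprintf("unknown operation: %d", op)
 }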
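Review bot: `OpListAvailableActions` is added to `expectedOperations`, but the middleware's `ListAvailableActions` in authorization.go (same commit) goes from `callOut` straight to `ram.svc.ListAvailableActions` with no `ram.authorize` call, so a permission mapped for this operation does not appear to be enforced anywhere. If `expectedOperations` drives validation of the per-entity permission map (not visible on this page), every entity now has to supply an entry that nothing checks. Either authorize the call with `roles.OpListAvailableActions`, or state the intent on the constant, e.g. `// OpListAvailableActions names the callout operation only; the middleware performs no permission check for it.` The const blocks and `String()` start and end outside these hunks.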

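--- a/pkg/roles/rolemanager/middleware/authorization.go
+++ b/pkg/roles/rolemanager/middleware/authorization.go
@@ -5,21 +5,15 @@ package middleware
 
 import (
 "context"
-"fmt"
 "maps"
 "time"
 
-"github.com/absmach/supermq/channels"
-"github.com/absmach/supermq/clients"
-"github.com/absmach/supermq/domains"
-"github.com/absmach/supermq/groups"
 "github.com/absmach/supermq/pkg/authn"
 smqauthz "github.com/absmach/supermq/pkg/authz"
 "github.com/absmach/supermq/pkg/callout"
 "github.com/absmach/supermq/pkg/errors"
 "github.com/absmach/supermq/pkg/policies"
 "github.com/absmach/supermq/pkg/roles"
-"github.com/absmach/supermq/pkg/svcutil"
 )
 
 var _ roles.RoleManager = (*RoleManagerAuthorizationMiddleware)(nil)
@@ -47,57 +41,9 @@ func NewRoleManagerAuthorizationMiddleware(entityType string, svc roles.RoleMana
 authz: authz,
 opp: opp,
 }
-if err := ram.validate(); err != nil {
-return RoleManagerAuthorizationMiddleware{}, err
-}
 return ram, nil
 }
 
-func addOperationPermissionMap(OperationPerm *any, rolesOpMap any) error {
-switch op := (*OperationPerm).(type) {
-case *channels.OperationPerm:
-mp, ok := rolesOpMap.(map[channels.Operation]channels.Permission)
-if !ok {
-return fmt.Errorf("invalid type")
-}
-err := op.AddOperationPermissionMap(mp)
-if err != nil {
-return fmt.Errorf("failed adding channels operation permission map")
-}
-case *domains.OperationPerm:
-mp, ok := rolesOpMap.(map[domains.Operation]domains.Permission)
-if !ok {
-return fmt.Errorf("invalid type")
-}
-err := op.AddOperationPermissionMap(mp)
-if err != nil {
-return fmt.Errorf("failed adding domains operation permission map")
-}
-case *clients.OperationPerm:
-mp, ok := rolesOpMap.(map[clients.Operation]clients.Permission)
-if !ok {
-return fmt.Errorf("invalid type")
-}
-err := op.AddOperationPermissionMap(mp)
-if err != nil {
-return fmt.Errorf("failed adding clients operation permission map")
-}
-case *groups.OperationPerm:
-mp, ok := rolesOpMap.(map[groups.Operation]groups.Permission)
-if !ok {
-return fmt.Errorf("invalid type")
-}
-err := op.AddOperationPermissionMap(mp)
-if err != nil {
-return fmt.Errorf("failed adding groups operation permission map")
-}
-default:
-return fmt.Errorf("opp does not implement AddOperationPermissionMap method")
-}
-
-return nil
-}
-
 func (ram RoleManagerAuthorizationMiddleware) AddRole(ctx context.Context, session authn.Session, entityID, roleName string, optionalActions []string, optionalMembers []string) (roles.RoleProvision, error) {
 if err := ram.authorize(ctx, roles.OpAddRole, smqauthz.PolicyReq{
 Domain: session.DomainID,
@@ -119,7 +65,7 @@ func (ram RoleManagerAuthorizationMiddleware) AddRole(ctx context.Context, sessi
 "optional_members": optionalMembers,
 "count": 1,
 }
-if err := ram.callOut(ctx, session, roles.OpAddRole.String(roles.OperationNames), params); err != nil {
+if err := ram.callOut(ctx, session, roles.OpAddRole.String(), params); err != nil {
 return roles.RoleProvision{}, err
 }
 return ram.svc.AddRole(ctx, session, entityID, roleName, optionalActions, optionalMembers)
@@ -140,7 +86,7 @@ func (ram RoleManagerAuthorizationMiddleware) RemoveRole(ctx context.Context, se
 "entity_id": entityID,
 "role_id": roleID,
 }
-if err := ram.callOut(ctx, session, roles.OpRemoveRole.String(roles.OperationNames), params); err != nil {
+if err := ram.callOut(ctx, session, roles.OpRemoveRole.String(), params); err != nil {
 return err
 }
 return ram.svc.RemoveRole(ctx, session, entityID, roleID)
@@ -162,7 +108,7 @@ func (ram RoleManagerAuthorizationMiddleware) UpdateRoleName(ctx context.Context
 "role_id": roleID,
 "new_role_name": newRoleName,
 }
-if err := ram.callOut(ctx, session, roles.OpUpdateRoleName.String(roles.OperationNames), params); err != nil {
+if err := ram.callOut(ctx, session, roles.OpUpdateRoleName.String(), params); err != nil {
 return roles.Role{}, err
 }
 return ram.svc.UpdateRoleName(ctx, session, entityID, roleID, newRoleName)
@@ -183,7 +129,7 @@ func (ram RoleManagerAuthorizationMiddleware) RetrieveRole(ctx context.Context,
 "entity_id": entityID,
 "role_id": roleID,
 }
-if err := ram.callOut(ctx, session, roles.OpRetrieveRole.String(roles.OperationNames), params); err != nil {
+if err := ram.callOut(ctx, session, roles.OpRetrieveRole.String(), params); err != nil {
 return roles.Role{}, err
 }
 return ram.svc.RetrieveRole(ctx, session, entityID, roleID)
@@ -205,15 +151,15 @@ func (ram RoleManagerAuthorizationMiddleware) RetrieveAllRoles(ctx context.Conte
 "limit": limit,
 "offset": offset,
 }
-if err := ram.callOut(ctx, session, roles.OpRetrieveAllRoles.String(roles.OperationNames), params); err != nil {
+if err := ram.callOut(ctx, session, roles.OpRetrieveAllRoles.String(), params); err != nil {
 return roles.RolePage{}, err
 }
 return ram.svc.RetrieveAllRoles(ctx, session, entityID, limit, offset)
 }
 
 func (ram RoleManagerAuthorizationMiddleware) ListAvailableActions(ctx context.Context, session authn.Session) ([]string, error) {
 params := map[string]any{}
-if err := ram.callOut(ctx, session, roles.OpListAvailableActions.String(roles.OperationNames), params); err != nil {
+if err := ram.callOut(ctx, session, roles.OpListAvailableActions.String(), params); err != nil {
 return []string{}, err
 }
 return ram.svc.ListAvailableActions(ctx, session)
@@ -236,7 +182,7 @@ func (ram RoleManagerAuthorizationMiddleware) RoleAddActions(ctx context.Context
 "role_id": roleID,
 "actions": actions,
 }
-if err := ram.callOut(ctx, session, roles.OpRoleAddActions.String(roles.OperationNames), params); err != nil {
+if err := ram.callOut(ctx, session, roles.OpRoleAddActions.String(), params); err != nil {
 return []string{}, err
 }
 
@@ -259,7 +205,7 @@ func (ram RoleManagerAuthorizationMiddleware) RoleListActions(ctx context.Contex
 "entity_id": entityID,
 "role_id": roleID,
 }
-if err := ram.callOut(ctx, session, roles.OpRoleListActions.String(roles.OperationNames), params); err != nil {
+if err := ram.callOut(ctx, session, roles.OpRoleListActions.String(), params); err != nil {
 return []string{}, err
 }
 
@@ -282,7 +228,7 @@ func (ram RoleManagerAuthorizationMiddleware) RoleCheckActionsExists(ctx context
 "role_id": roleID,
 "actions": actions,
 }
-if err := ram.callOut(ctx, session, roles.OpRoleCheckActionsExists.String(roles.OperationNames), params); err != nil {
+if err := ram.callOut(ctx, session, roles.OpRoleCheckActionsExists.String(), params); err != nil {
 return false, err
 }
 return ram.svc.RoleCheckActionsExists(ctx, session, entityID, roleID, actions)
@@ -304,7 +250,7 @@ func (ram RoleManagerAuthorizationMiddleware) RoleRemoveActions(ctx context.Cont
 "role_id": roleID,
 "actions": actions,
 }
-if err := ram.callOut(ctx, session, roles.OpRoleRemoveActions.String(roles.OperationNames), params); err != nil {
+if err := ram.callOut(ctx, session, roles.OpRoleRemoveActions.String(), params); err != nil {
 return err
 }
 
@@ -326,7 +272,7 @@ func (ram RoleManagerAuthorizationMiddleware) RoleRemoveAllActions(ctx context.C
 "entity_id": entityID,
 "role_id": roleID,
 }
-if err := ram.callOut(ctx, session, roles.OpRoleRemoveAllActions.String(roles.OperationNames), params); err != nil {
+if err := ram.callOut(ctx, session, roles.OpRoleRemoveAllActions.String(), params); err != nil {
 return err
 }
 return ram.svc.RoleRemoveAllActions(ctx, session, entityID, roleID)
@@ -352,7 +298,7 @@ func (ram RoleManagerAuthorizationMiddleware) RoleAddMembers(ctx context.Context
 "role_id": roleID,
 "members": members,
 }
-if err := ram.callOut(ctx, session, roles.OpRoleAddMembers.String(roles.OperationNames), params); err != nil {
+if err := ram.callOut(ctx, session, roles.OpRoleAddMembers.String(), params); err != nil {
 return []string{}, err
 }
 return ram.svc.RoleAddMembers(ctx, session, entityID, roleID, members)
@@ -375,7 +321,7 @@ func (ram RoleManagerAuthorizationMiddleware) RoleListMembers(ctx context.Contex
 "limit": limit,
 "offset": offset,
 }
-if err := ram.callOut(ctx, session, roles.OpRoleListMembers.String(roles.OperationNames), params); err != nil {
+if err := ram.callOut(ctx, session, roles.OpRoleListMembers.String(), params); err != nil {
 return roles.MembersPage{}, err
 }
 return ram.svc.RoleListMembers(ctx, session, entityID, roleID, limit, offset)
@@ -397,7 +343,7 @@ func (ram RoleManagerAuthorizationMiddleware) RoleCheckMembersExists(ctx context
 "role_id": roleID,
 "members": members,
 }
-if err := ram.callOut(ctx, session, roles.OpRoleCheckMembersExists.String(roles.OperationNames), params); err != nil {
+if err := ram.callOut(ctx, session, roles.OpRoleCheckMembersExists.String(), params); err != nil {
 return false, err
 }
 return ram.svc.RoleCheckMembersExists(ctx, session, entityID, roleID, members)
@@ -418,7 +364,7 @@ func (ram RoleManagerAuthorizationMiddleware) RoleRemoveAllMembers(ctx context.C
 "entity_id": entityID,
 "role_id": roleID,
 }
-if err := ram.callOut(ctx, session, roles.OpRoleRemoveAllMembers.String(roles.OperationNames), params); err != nil {
+if err := ram.callOut(ctx, session, roles.OpRoleRemoveAllMembers.String(), params); err != nil {
 return err
 }
 return ram.svc.RoleRemoveAllMembers(ctx, session, entityID, roleID)
@@ -439,7 +385,7 @@ func (ram RoleManagerAuthorizationMiddleware) ListEntityMembers(ctx context.Cont
 "entity_id": entityID,
 "page_query": pageQuery,
 }
-if err := ram.callOut(ctx, session, roles.OpRoleListMembers.String(roles.OperationNames), params); err != nil {
+if err := ram.callOut(ctx, session, roles.OpRoleListMembers.String(), params); err != nil {
 return roles.MembersRolePage{}, err
 }
 return ram.svc.ListEntityMembers(ctx, session, entityID, pageQuery)
@@ -460,7 +406,7 @@ func (ram RoleManagerAuthorizationMiddleware) RemoveEntityMembers(ctx context.Co
 "entity_id": entityID,
 "members": members,
 }
-if err := ram.callOut(ctx, session, roles.OpRoleRemoveAllMembers.String(roles.OperationNames), params); err != nil {
+if err := ram.callOut(ctx, session, roles.OpRoleRemoveAllMembers.String(), params); err != nil {
 return err
 }
 return ram.svc.RemoveEntityMembers(ctx, session, entityID, members)
@@ -482,7 +428,7 @@ func (ram RoleManagerAuthorizationMiddleware) RoleRemoveMembers(ctx context.Cont
 "role_id": roleID,
 "members": members,
 }
-if err := ram.callOut(ctx, session, roles.OpRoleRemoveMembers.String(roles.OperationNames), params); err != nil {
+if err := ram.callOut(ctx, session, roles.OpRoleRemoveMembers.String(), params); err != nil {
 return err
 }
 return ram.svc.RoleRemoveMembers(ctx, session, entityID, roleID, members)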
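Review bot: `NewRoleManagerAuthorizationMiddleware` now returns `ram, nil` without calling `ram.validate()`, so whatever that method checked (presumably that `opp` maps every roles operation to a permission; its body is not on this page) is no longer enforced when the middleware is built. A gap in `opp` would then first surface inside `ram.authorize` on a live request, and whether that path fails closed is not visible here and should be confirmed. Unless the caller validates `opp` before passing it in, keep the constructor check: `if err := ram.validate(); err != nil { return RoleManagerAuthorizationMiddleware{}, err }`. Separately, `ListEntityMembers` and `RemoveEntityMembers` pass `roles.OpRoleListMembers.String()` and `roles.OpRoleRemoveAllMembers.String()` to `callOut`, so a callout hook cannot tell them apart from `RoleListMembers` and `RoleRemoveAllMembers`. The constructor begins above its hunk.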
