From 4d57db58977cc133bba49fa503caa2d61a6bfc9b Mon Sep 17 00:00:00 2001 From: Mitja Zivkovic Date: Fri, 25 Jan 2019 13:45:13 +0100 Subject: [PATCH] upd(internal): rbac.Operations to rules.Operations --- codegen.sh | 6 +-- codegen/v2/permissions.go | 12 ++++-- internal/{rbac => rules}/operations.go | 19 +++++---- internal/rules/resources.go | 8 ---- sam/service/permissions.go | 6 +-- sam/types/channel.perms.go | 38 ++++++++--------- sam/types/organisation.perms.go | 58 +++++++++++++------------- sam/types/permissions.go | 4 +- sam/types/team.perms.go | 38 ++++++++--------- system/types/rules.go | 34 +++++++++++++-- 10 files changed, 125 insertions(+), 98 deletions(-) rename internal/{rbac => rules}/operations.go (75%) diff --git a/codegen.sh b/codegen.sh index 355203380..6343ef32b 100755 --- a/codegen.sh +++ b/codegen.sh @@ -22,9 +22,9 @@ function permissions { CGO_ENABLED=0 go build -o ./build/gen-permissions codegen/v2/permissions.go fi - ./build/gen-permissions -package types -function "func (c *Organisation) Permissions() []rbac.OperationGroup" -input sam/types/permissions/1-organisation.json -output sam/types/organisation.perms.go - ./build/gen-permissions -package types -function "func (c *Team) Permissions() []rbac.OperationGroup" -input sam/types/permissions/2-team.json -output sam/types/team.perms.go - ./build/gen-permissions -package types -function "func (c *Channel) Permissions() []rbac.OperationGroup" -input sam/types/permissions/3-channel.json -output sam/types/channel.perms.go + ./build/gen-permissions -package types -function "func (c *Organisation) Permissions() []rules.OperationGroup" -input sam/types/permissions/1-organisation.json -output sam/types/organisation.perms.go + ./build/gen-permissions -package types -function "func (c *Team) Permissions() []rules.OperationGroup" -input sam/types/permissions/2-team.json -output sam/types/team.perms.go + ./build/gen-permissions -package types -function "func (c *Channel) Permissions() []rules.OperationGroup" -input sam/types/permissions/3-channel.json -output sam/types/channel.perms.go green "OK" } diff --git a/codegen/v2/permissions.go b/codegen/v2/permissions.go index 3263735f9..a52071c97 100644 --- a/codegen/v2/permissions.go +++ b/codegen/v2/permissions.go @@ -12,7 +12,7 @@ import ( "go/format" "io/ioutil" - "github.com/crusttech/crust/internal/rbac" + "github.com/crusttech/crust/internal/rules" ) func main() { @@ -20,7 +20,7 @@ func main() { pkg = flag.String("package", "main", "Package name") input = flag.String("input", "", "Input .json filename") output = flag.String("output", "", "Output .go filename") - fname = flag.String("function", "func Permissions() []rbac.OperationGroup", "Default function declaration") + fname = flag.String("function", "func Permissions() []rules.OperationGroup", "Default function declaration") ) flag.Parse() @@ -31,11 +31,15 @@ func main() { s = strings.Replace(s, "}", ",\n}", -1) s = strings.Replace(s, "\", ", "\",\n", -1) + s = strings.Replace(s, "Default:2,", "Default: rules.Allow,", -1) + s = strings.Replace(s, "Default:1,", "Default: rules.Deny,", -1) + s = strings.Replace(s, "Default:0,", "Default: rules.Inherit,", -1) + var w bytes.Buffer fmt.Fprintln(&w, "package", *pkg) fmt.Fprintln(&w) - fmt.Fprintln(&w, "import \"github.com/crusttech/crust/internal/rbac\"") + fmt.Fprintln(&w, "import \"github.com/crusttech/crust/internal/rules\"") fmt.Fprintln(&w) fmt.Fprintln(&w, "/* File is generated from", *input, "with permissions.go */") fmt.Fprintln(&w) @@ -52,7 +56,7 @@ func main() { return fmtsrc } - var result []rbac.OperationGroup + var result []rules.OperationGroup f, err := os.Open(*input) if err != nil { log.Fatal(err) diff --git a/internal/rbac/operations.go b/internal/rules/operations.go similarity index 75% rename from internal/rbac/operations.go rename to internal/rules/operations.go index eaede8ae3..4a1380452 100644 --- a/internal/rbac/operations.go +++ b/internal/rules/operations.go @@ -1,4 +1,8 @@ -package rbac +package rules + +import ( + "github.com/crusttech/crust/system/types" +) type ( OperationGroup struct { @@ -19,11 +23,10 @@ type ( // nil = unset (inherit), // true = checked (allow), // false = unchecked (deny) - - Default OperationState `json:"default"` + Default types.Access `json:"default"` } - OperationState string + Access types.Access Permission struct { // Scope (organisation, team, channel) @@ -33,12 +36,12 @@ type ( // Operation name (Operation.Key) Operation string `json:"operation"` // Operation state (inherit, allow, deny) - State OperationState `json:"state"` + State types.Access `json:"state"` } ) const ( - OperationStateInherit OperationState = "" - OperationStateAllow = "allow" - OperationStateDeny = "deny" + Allow = types.Allow + Deny = types.Deny + Inherit = types.Inherit ) diff --git a/internal/rules/resources.go b/internal/rules/resources.go index 646117cf3..33adfa731 100644 --- a/internal/rules/resources.go +++ b/internal/rules/resources.go @@ -16,14 +16,6 @@ type resources struct { db *factory.DB } -type Access types.Access - -var ( - Allow = types.Allow - Deny = types.Deny - Inherit = types.Inherit -) - func NewResources(ctx context.Context, db *factory.DB) ResourcesInterface { return (&resources{}).With(ctx, db) } diff --git a/sam/service/permissions.go b/sam/service/permissions.go index d8910c4d5..e80c2a903 100644 --- a/sam/service/permissions.go +++ b/sam/service/permissions.go @@ -5,7 +5,7 @@ import ( "github.com/pkg/errors" - "github.com/crusttech/crust/internal/rbac" + "github.com/crusttech/crust/internal/rules" "github.com/crusttech/crust/sam/repository" ) @@ -20,7 +20,7 @@ type ( List() (interface{}, error) Get(team string, scope string, resource string) (interface{}, error) - Set(team string, permissions []rbac.Permission) (interface{}, error) + Set(team string, permissions []rules.Permission) (interface{}, error) } ) @@ -44,6 +44,6 @@ func (p *permissions) Get(team string, scope string, resource string) (interface return nil, errors.New("service.permissions.get: not implemented") } -func (p *permissions) Set(team string, permissions []rbac.Permission) (interface{}, error) { +func (p *permissions) Set(team string, permissions []rules.Permission) (interface{}, error) { return nil, errors.New("service.permissions.set: not implemented") } diff --git a/sam/types/channel.perms.go b/sam/types/channel.perms.go index 0dc908565..2fa2fb50a 100644 --- a/sam/types/channel.perms.go +++ b/sam/types/channel.perms.go @@ -1,55 +1,55 @@ package types -import "github.com/crusttech/crust/internal/rbac" +import "github.com/crusttech/crust/internal/rules" /* File is generated from sam/types/permissions/3-channel.json with permissions.go */ -func (c *Channel) Permissions() []rbac.OperationGroup { - return []rbac.OperationGroup{ - rbac.OperationGroup{ +func (c *Channel) Permissions() []rules.OperationGroup { + return []rules.OperationGroup{ + rules.OperationGroup{ Title: "General permissions", - Operations: []rbac.Operation{ - rbac.Operation{ + Operations: []rules.Operation{ + rules.Operation{ Key: "manage.webhooks", Title: "Manage webhooks (@todo: implement webhooks)", Subtitle: "Members with this permission can create, edit and delete webhooks", Enabled: false, - Default: "", + Default: rules.Inherit, }, }, - }, rbac.OperationGroup{ + }, rules.OperationGroup{ Title: "Text Permissions", - Operations: []rbac.Operation{ - rbac.Operation{ + Operations: []rules.Operation{ + rules.Operation{ Key: "send", Title: "Send Messages", Subtitle: "", Enabled: true, - Default: "", - }, rbac.Operation{ + Default: rules.Inherit, + }, rules.Operation{ Key: "embed", Title: "Embed Links", Subtitle: "", Enabled: true, - Default: "", - }, rbac.Operation{ + Default: rules.Inherit, + }, rules.Operation{ Key: "attach", Title: "Attach Files", Subtitle: "", Enabled: true, - Default: "", - }, rbac.Operation{ + Default: rules.Inherit, + }, rules.Operation{ Key: "manage.messages", Title: "Manage messages", Subtitle: "Members with this permission can edit/delete messages inside this channel", Enabled: true, - Default: "", - }, rbac.Operation{ + Default: rules.Inherit, + }, rules.Operation{ Key: "react", Title: "Manage reactions", Subtitle: "Members with this permission can add new reactions to a message", Enabled: true, - Default: "", + Default: rules.Inherit, }, }, }, diff --git a/sam/types/organisation.perms.go b/sam/types/organisation.perms.go index 17faf5b1f..67c9d7591 100644 --- a/sam/types/organisation.perms.go +++ b/sam/types/organisation.perms.go @@ -1,85 +1,85 @@ package types -import "github.com/crusttech/crust/internal/rbac" +import "github.com/crusttech/crust/internal/rules" /* File is generated from sam/types/permissions/1-organisation.json with permissions.go */ -func (c *Organisation) Permissions() []rbac.OperationGroup { - return []rbac.OperationGroup{ - rbac.OperationGroup{ +func (c *Organisation) Permissions() []rules.OperationGroup { + return []rules.OperationGroup{ + rules.OperationGroup{ Title: "General permissions", - Operations: []rbac.Operation{ - rbac.Operation{ + Operations: []rules.Operation{ + rules.Operation{ Key: "admin", Title: "Administrator", Subtitle: "Members with this permission have every permission and also bypass channel specific permissions. Granting this permission is dangerous", Enabled: true, - Default: "deny", - }, rbac.Operation{ + Default: rules.Deny, + }, rules.Operation{ Key: "audit", Title: "View Audit Log (@todo: add audit logs)", Subtitle: "Members with this permission have access to view the servers audit logs", Enabled: false, - Default: "deny", - }, rbac.Operation{ + Default: rules.Deny, + }, rules.Operation{ Key: "manage.organisation", Title: "Manage Organisation", Subtitle: "Members with this permission can change the organisation name and other organisation details", Enabled: true, - Default: "deny", - }, rbac.Operation{ + Default: rules.Deny, + }, rules.Operation{ Key: "manage.roles", Title: "Manage Roles", Subtitle: "Members with this permission can create/edit/delete roles inside this organisation", Enabled: true, - Default: "deny", - }, rbac.Operation{ + Default: rules.Deny, + }, rules.Operation{ Key: "manage.channels", Title: "Manage channels", Subtitle: "Members with this permission can create/edit/delete channels inside this organisation", Enabled: true, - Default: "deny", - }, rbac.Operation{ + Default: rules.Deny, + }, rules.Operation{ Key: "manage.webhooks", Title: "Manage webhooks (@todo: implement webhooks)", Subtitle: "Members with this permission can create, edit and delete webhooks", Enabled: false, - Default: "deny", + Default: rules.Deny, }, }, - }, rbac.OperationGroup{ + }, rules.OperationGroup{ Title: "Text Permissions", - Operations: []rbac.Operation{ - rbac.Operation{ + Operations: []rules.Operation{ + rules.Operation{ Key: "send", Title: "Send Messages", Subtitle: "", Enabled: true, - Default: "allow", - }, rbac.Operation{ + Default: rules.Allow, + }, rules.Operation{ Key: "embed", Title: "Embed Links", Subtitle: "", Enabled: true, - Default: "allow", - }, rbac.Operation{ + Default: rules.Allow, + }, rules.Operation{ Key: "attach", Title: "Attach Files", Subtitle: "", Enabled: true, - Default: "allow", - }, rbac.Operation{ + Default: rules.Allow, + }, rules.Operation{ Key: "manage.messages", Title: "Manage messages", Subtitle: "Members with this permission can edit/delete messages inside channels", Enabled: true, - Default: "deny", - }, rbac.Operation{ + Default: rules.Deny, + }, rules.Operation{ Key: "react", Title: "Manage reactions", Subtitle: "Members with this permission can add new reactions to a message", Enabled: true, - Default: "allow", + Default: rules.Allow, }, }, }, diff --git a/sam/types/permissions.go b/sam/types/permissions.go index cdd9d2c67..9705b357c 100644 --- a/sam/types/permissions.go +++ b/sam/types/permissions.go @@ -1,7 +1,7 @@ package types import ( - "github.com/crusttech/crust/internal/rbac" + "github.com/crusttech/crust/internal/rules" ) type ( @@ -9,7 +9,7 @@ type ( Scope() string Resource() string Operation(name string) string - Permissions() []rbac.OperationGroup + Permissions() []rules.OperationGroup } ) diff --git a/sam/types/team.perms.go b/sam/types/team.perms.go index 92e7ffee3..ca6a0efa9 100644 --- a/sam/types/team.perms.go +++ b/sam/types/team.perms.go @@ -1,55 +1,55 @@ package types -import "github.com/crusttech/crust/internal/rbac" +import "github.com/crusttech/crust/internal/rules" /* File is generated from sam/types/permissions/2-team.json with permissions.go */ -func (c *Team) Permissions() []rbac.OperationGroup { - return []rbac.OperationGroup{ - rbac.OperationGroup{ +func (c *Team) Permissions() []rules.OperationGroup { + return []rules.OperationGroup{ + rules.OperationGroup{ Title: "General permissions", - Operations: []rbac.Operation{ - rbac.Operation{ + Operations: []rules.Operation{ + rules.Operation{ Key: "manage.webhooks", Title: "Manage webhooks (@todo: implement webhooks)", Subtitle: "Members with this permission can create, edit and delete webhooks", Enabled: false, - Default: "", + Default: rules.Inherit, }, }, - }, rbac.OperationGroup{ + }, rules.OperationGroup{ Title: "Text Permissions", - Operations: []rbac.Operation{ - rbac.Operation{ + Operations: []rules.Operation{ + rules.Operation{ Key: "send", Title: "Send Messages", Subtitle: "", Enabled: true, - Default: "", - }, rbac.Operation{ + Default: rules.Inherit, + }, rules.Operation{ Key: "embed", Title: "Embed Links", Subtitle: "", Enabled: true, - Default: "", - }, rbac.Operation{ + Default: rules.Inherit, + }, rules.Operation{ Key: "attach", Title: "Attach Files", Subtitle: "", Enabled: true, - Default: "", - }, rbac.Operation{ + Default: rules.Inherit, + }, rules.Operation{ Key: "manage.messages", Title: "Manage messages", Subtitle: "Members with this permission can edit/delete messages inside channels", Enabled: true, - Default: "", - }, rbac.Operation{ + Default: rules.Inherit, + }, rules.Operation{ Key: "react", Title: "Manage reactions", Subtitle: "Members with this permission can add new reactions to a message", Enabled: true, - Default: "", + Default: rules.Inherit, }, }, }, diff --git a/system/types/rules.go b/system/types/rules.go index 200dff5f5..2d4243ed1 100644 --- a/system/types/rules.go +++ b/system/types/rules.go @@ -1,11 +1,16 @@ package types +import ( + "encoding/json" + "errors" +) + type Access int const ( - Allow Access = 1 - Deny Access = 0 - Inherit Access = -1 + Allow Access = 2 + Deny Access = 1 + Inherit Access = 0 ) type Rules struct { @@ -14,3 +19,26 @@ type Rules struct { Operation string `db:"operation"` Value Access `db:"value"` } + +func (a *Access) UnmarshalJSON(data []byte) error { + var i interface{} + err := json.Unmarshal(data, &i) + if err != nil { + return err + } + + s, ok := i.(string) + if !ok { + return errors.New("Type assertion .(string) failed.") + } + + switch s { + case "allow": + *a = Allow + case "deny": + *a = Deny + default: + *a = Inherit + } + return nil +}