DeforaNetworks/corteza
3
0
Fork 0
Code Activity

Fix sensitive level check for data privacy modules

Browse Source 
A module have one or more module field with have a sensitivity level then it will consider as private module.
This commit is contained in:
Vivek Patel
2022-07-21 17:10:49 +05:30
parent eb917eed6e
commit fad8725a63
4 changed files with 73 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
compose/service/data_privacy.go
View File

@@ -3,6 +3,7 @@ package service
import (
"context"
"github.com/cortezaproject/corteza-server/compose/types"
"github.com/cortezaproject/corteza-server/pkg/locale"
sysService "github.com/cortezaproject/corteza-server/system/service"
sysTypes "github.com/cortezaproject/corteza-server/system/types"
)
@@ -12,6 +13,7 @@ type (
ns NamespaceService
m ModuleService
dalConn dalConnectionService
locale ResourceTranslationsManagerService
}
dalConnectionService interface {
@@ -28,6 +30,7 @@ func DataPrivacy() *dataPrivacy {
ns: DefaultNamespace,
m: DefaultModule,
dalConn: sysService.DefaultDalConnection,
locale: DefaultResourceTranslation,
}
}
@@ -37,21 +40,19 @@ func (svc dataPrivacy) FindModules(ctx context.Context, filter types.PrivacyModu
cc = make(map[uint64]*sysTypes.DalConnection, 0)
)
reqConnes := make(map[uint64]bool)
hasReqConnes := len(filter.ConnectionID) > 0
for _, connectionID := range filter.ConnectionID {
reqConnes[connectionID] = true
}
// All namespaces
namespaces, _, err := svc.ns.Find(ctx, types.NamespaceFilter{})
if err != nil {
return
}
for _, n := range namespaces {
// Sensitive modules only
modules, f, err = svc.m.FindSensitive(ctx, types.PrivacyModuleFilter{NamespaceID: n.ID})
tag := locale.GetAcceptLanguageFromContext(ctx)
n.DecodeTranslations(svc.locale.Locale().ResourceTranslations(tag, n.ResourceTranslation()))
modules, f, err = svc.m.FindSensitive(ctx, types.PrivacyModuleFilter{
NamespaceID: n.ID,
ConnectionID: filter.ConnectionID,
})
if err != nil {
return
}
@@ -61,26 +62,21 @@ func (svc dataPrivacy) FindModules(ctx context.Context, filter types.PrivacyModu
for _, m := range modules {
connID := m.ConnectionID
if hasReqConnes && !reqConnes[connID] {
continue
}
var c *sysTypes.DalConnection
if val, ok := cc[connID]; ok {
c = val
m.Connection = val
} else {
c, err = svc.dalConn.FindByID(ctx, connID)
m.Connection, err = svc.dalConn.FindByID(ctx, connID)
if err != nil {
cc[connID] = c
cc[connID] = m.Connection
}
}
out = append(out, &types.PrivacyModule{
ID: m.ID,
Name: m.Name,
Handle: m.Handle,
Connection: c,
})
m.Namespace = types.PrivacyNamespaceMeta{
ID: n.ID,
Slug: n.Slug,
Name: n.Name,
}
out = append(out, &m)
}
}

45
compose/service/module.go
View File

@@ -433,8 +433,15 @@ func (svc *module) ReloadDALModels(ctx context.Context) (err error) {
func (svc module) FindSensitive(ctx context.Context, filter types.PrivacyModuleFilter) (set []types.PrivacyModule, f types.PrivacyModuleFilter, err error) {
var (
mm types.ModuleSet
reqConnes = make(map[uint64]bool)
hasReqConnes = len(filter.ConnectionID) > 0
)
for _, connectionID := range filter.ConnectionID {
reqConnes[connectionID] = true
}
err = func() error {
mm, _, err = svc.Find(ctx, types.ModuleFilter{NamespaceID: filter.NamespaceID})
if err != nil {
@@ -442,18 +449,36 @@ func (svc module) FindSensitive(ctx context.Context, filter types.PrivacyModuleF
}
for _, m := range mm {
isPrivate := false
for _, f := range m.Fields {
isPrivate = isPrivate || f.IsSensitive()
cMeta, err := svc.dal.GetConnectionMeta(ctx, m.ModelConfig.ConnectionID)
if err != nil {
return err
}
if isPrivate && m != nil {
set = append(set, types.PrivacyModule{
ID: m.ID,
Name: m.Name, // @todo get this as per translation
Handle: m.Handle,
ConnectionID: m.ModelConfig.ConnectionID,
})
connID := cMeta.ConnectionID
if hasReqConnes && !reqConnes[connID] {
continue
}
isSensitive := false
for _, f := range m.Fields {
isSensitive = isSensitive || f.IsSensitive()
}
tag := locale.GetAcceptLanguageFromContext(ctx)
m.DecodeTranslations(svc.locale.Locale().ResourceTranslations(tag, m.ResourceTranslation()))
if isSensitive && m != nil {
pm := types.PrivacyModule{
Module: types.PrivacyModuleMeta{
ID: m.ID,
Name: m.Name,
Handle: m.Handle,
Fields: m.Fields,
},
ConnectionID: connID,
}
set = append(set, pm)
}
}

20
compose/types/data_privacy.go
View File

@@ -7,16 +7,28 @@ import (
type (
PrivacyModule struct {
ID uint64 `json:"moduleID,string"`
Name string `json:"name"`
Handle string `json:"handle"`
Module PrivacyModuleMeta `json:"module"`
Namespace PrivacyNamespaceMeta `json:"namespace"`
ConnectionID uint64 `json:"-"`
Connection *sysTypes.DalConnection `json:"connection"`
}
PrivacyModuleMeta struct {
ID uint64 `json:"moduleID,string"`
Name string `json:"name"`
Handle string `json:"handle"`
Fields ModuleFieldSet `json:"fields"`
}
PrivacyNamespaceMeta struct {
ID uint64 `json:"namespaceID,string"`
Slug string `json:"slug"`
Name string `json:"name"`
}
PrivacyModuleFilter struct {
NamespaceID uint64 `json:"namespaceID,string"`
NamespaceID uint64 `json:"-"`
ConnectionID []uint64 `json:"connectionID,string"`
// Standard helpers for paging and sorting

4
pkg/dal/service.go
View File

@@ -21,6 +21,7 @@ type (
}
ConnectionMeta struct {
ConnectionID uint64
SensitivityLevel uint64
Label string
@@ -329,7 +330,7 @@ func (svc *service) ReplaceConnection(ctx context.Context, cw *ConnectionWrap, i
//
// The function is primarily used by services which need to know a little bit
// about the connection their resources are located in (ident formatting for example).
func (svc *service) GetConnectionMeta(ctx context.Context, ID uint64) (cm ConnectionMeta, err error) {
func (svc *service) GetConnectionMeta(_ context.Context, ID uint64) (cm ConnectionMeta, err error) {
if ID == 0 {
ID = svc.defConnID
}
@@ -341,6 +342,7 @@ func (svc *service) GetConnectionMeta(ctx context.Context, ID uint64) (cm Connec
}
cm = cw.meta
cm.ConnectionID = cw.connectionID
return
}