initial commit 2
This commit is contained in:
Senad Uka
93
server/serverconfig/authorization.go
Normal file
93
server/serverconfig/authorization.go
Normal file
@@ -0,0 +1,93 @@
|
||||
package serverconfig
|
||||
|
||||
import (
|
||||
"bitbucket.org/nemt/nemt-portal-api/application/applicationservice"
|
||||
"bitbucket.org/nemt/nemt-portal-api/application/viewmodel"
|
||||
"bitbucket.org/nemt/nemt-portal-api/infra/auth"
|
||||
"bitbucket.org/nemt/nemt-portal-api/infra/config"
|
||||
"bitbucket.org/nemt/nemt-portal-api/infra/logger"
|
||||
"bitbucket.org/nemt/nemt-portal-api/server/router/routeutils"
|
||||
"github.com/casbin/casbin"
|
||||
"github.com/labstack/echo"
|
||||
"github.com/labstack/echo/middleware"
|
||||
|
||||
"strings"
|
||||
)
|
||||
|
||||
type (
|
||||
// Config defines the config for CasbinAuth middleware.
|
||||
Config struct {
|
||||
// Skipper defines a function to skip middleware.
|
||||
Skipper middleware.Skipper
|
||||
|
||||
// Enforcer CasbinAuth main rule.
|
||||
// Required.
|
||||
Enforcer *casbin.Enforcer
|
||||
|
||||
Application *config.Config
|
||||
|
||||
Svc *applicationservice.Service
|
||||
Logger *logger.Logger
|
||||
}
|
||||
)
|
||||
|
||||
var (
|
||||
// DefaultConfig is the default CasbinAuth middleware config.
|
||||
DefaultConfig = Config{
|
||||
Skipper: middleware.DefaultSkipper,
|
||||
}
|
||||
)
|
||||
|
||||
// MiddlewareWithConfig returns a CasbinAuth middleware with config.
|
||||
// See `Middleware()`.
|
||||
func MiddlewareWithConfig(cfg *config.Config, svc *applicationservice.Service, log *logger.Logger) echo.MiddlewareFunc {
|
||||
|
||||
config := &DefaultConfig
|
||||
|
||||
config.Svc = svc
|
||||
config.Logger = log
|
||||
config.Application = cfg
|
||||
|
||||
return func(next echo.HandlerFunc) echo.HandlerFunc {
|
||||
return func(c echo.Context) error {
|
||||
if config.Skipper(c) || config.CheckPermission(c) {
|
||||
return next(c)
|
||||
}
|
||||
|
||||
return routeutils.HandleHTMLError(c, echo.ErrForbidden)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func setAuthorizationMiddleware(e *echo.Echo, log *logger.Logger, cfg *config.Config, svc *applicationservice.Service) {
|
||||
e.Use(MiddlewareWithConfig(cfg, svc, log))
|
||||
}
|
||||
|
||||
// CheckPermission checks the user/method/path combination from the request.
|
||||
// Returns true (permission granted) or false (permission forbidden)
|
||||
func (a *Config) CheckPermission(c echo.Context) bool {
|
||||
user, err := auth.GetUserDetail(c, a.Application)
|
||||
if err != nil {
|
||||
a.Logger.Warningf("Cannot get user details. %v ", err)
|
||||
}
|
||||
method := c.Request().Method
|
||||
path := c.Request().URL.Path
|
||||
//objectOrganization := a.organizationGoverningObject(c, user)
|
||||
|
||||
return a.Enforcer.Enforce(user, path, method)
|
||||
}
|
||||
|
||||
func (a *Config) organizationGoverningObject(c echo.Context, userDetails viewmodel.User) (result viewmodel.Organization) {
|
||||
|
||||
existingUser := strings.Contains(c.Request().URL.Path, "/users") && len(c.ParamValues()) > 0
|
||||
newUser := strings.Contains(c.Request().URL.Path, "/users") && len(c.ParamValues()) <= 0
|
||||
|
||||
switch {
|
||||
case existingUser:
|
||||
user, _ := a.Svc.Users.GetByUUID(c.ParamValues()[0], "")
|
||||
result = user.Organizations[0]
|
||||
case newUser:
|
||||
result = userDetails.Organizations[0]
|
||||
}
|
||||
return
|
||||
}
|
||||
Reference in New Issue
Block a user