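// Source: github.com/apremalal/vamps-core@v1.0.1-0.20161221121535-d430b56ec174/controllers/authorization_controller.go

package controllers

import (
	"encoding/json"
	"net/http"

	"github.com/vedicsoft/vamps-core/commons"
)

// Role names. Presumably these are the values passed as the role argument
// of HasRole, which compares it with vs_roles.name; confirm against callers.
const (
	ROLE_LOCATION_MANAGER  string = "location_manager"
	ROLE_CAPTIVE_MANAGER   string = "captive_manager"
	ROLE_ADVERT_MANAGER    string = "advert_manager"
	ROLE_POLICY_MANAGER    string = "policy_manager"
	ROLE_ANALYTICS_MANAGER string = "analytics_manager"
	ROLE_TENANT_ADMIN      string = "tenant_admin"
	ROLE_SUPER_ADMIN       string = "super_admin"
)

// Permission wraps a single permission string. Nothing in this file uses it.
type Permission struct {
	permission string
}

// scopeGrants reports whether the JSON object carried in the request's
// "scopes" header lists permission under resourceId. The expected shape is
//
//	{"wifi_location": ["read", "write", "execute"]}
//
// Any decoding error denies the request. encoding/json keeps decoding after
// a type mismatch, so a partly valid document could otherwise still grant
// access from the entries that did parse.
//
// NOTE(review): the decision rests entirely on the "scopes" request header.
// That is only sound if an earlier handler validates the JWT and overwrites
// any client-supplied "scopes" header with the verified claims; this file
// does not show that step, so confirm it in the middleware chain.
func scopeGrants(r *http.Request, resourceId string, permission string) bool {
	scopes := make(map[string][]string)
	if err := json.Unmarshal([]byte(r.Header.Get("scopes")), &scopes); err != nil {
		return false
	}
	// Ranging over a missing key's nil slice is a no-op, so an unknown
	// resource falls through to the deny below.
	for _, granted := range scopes[resourceId] {
		if granted == permission {
			return true
		}
	}
	return false
}

// IsAuthorized reports whether the scopes attached to r grant permission on
// resourceId. It returns false when the "scopes" header is absent, is not
// valid JSON of the expected shape, or does not list the permission.
func IsAuthorized(resourceId string, permission string, r *http.Request) bool {
	return scopeGrants(r, resourceId, permission)
}

// IsUserAuthorized is IsAuthorized with an additional identity check: the
// "username" header of r must equal username.
//
// An empty username is rejected outright; otherwise a request without a
// "username" header would match a caller that passes "".
//
// NOTE(review): like "scopes", the "username" header is trusted as-is here;
// confirm that it is set from the validated token and not by the client.
func IsUserAuthorized(username string, resourceId string, permission string, r *http.Request) bool {
	if username == "" || username != r.Header.Get("username") {
		return false
	}
	return scopeGrants(r, resourceId, permission)
}

// HasRole reports whether the user identified by userID holds the role named
// role, by looking for a matching row in vs_roles joined through
// vs_user_roles. Both values are bound as query parameters. A non-nil error
// is the one returned by the database layer, and the boolean is then false.
func HasRole(userID int, role string) (bool, error) {
	const GET_USER_ROLE string = `SELECT vs_roles.roleid from vs_roles WHERE vs_roles.roleid IN (SELECT
		vs_user_roles.roleid FROM vs_user_roles WHERE vs_user_roles.userid=?)
		AND
		vs_roles.name =?`
	var roles []int
	dbMap := commons.GetDBConnection(commons.PLATFORM_DB)
	if _, err := dbMap.Select(&roles, GET_USER_ROLE, userID, role); err != nil {
		return false, err
	}
	return len(roles) > 0, nil
}

// RequireResourceAuthorization wraps inner with a resource-level
// authorization check. The check itself is not implemented, and inner is
// never invoked.
//
// Until a real check exists the wrapper denies every request with an
// explicit 403. An empty handler body would answer 200 OK with no content,
// which is indistinguishable from a successful call to the protected handler.
func RequireResourceAuthorization(inner http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
	})
}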