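// Source: github.com/cs3org/reva/v2@v2.27.7/internal/grpc/services/permissions/permissions.go

// Copyright 2021 CERN
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// In applying this license, CERN does not waive the privileges and immunities
// granted to it by virtue of its status as an Intergovernmental Organization
// or submit itself to any jurisdiction.

// Package permissions exposes a permission.Manager as the CS3 PermissionsAPI
// gRPC service. The manager implementation is selected by name from
// registry.NewFuncs at construction time.
package permissions

import (
	"context"
	"fmt"

	permissions "github.com/cs3org/go-cs3apis/cs3/permissions/v1beta1"
	rpc "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1"
	"github.com/cs3org/reva/v2/pkg/permission"
	"github.com/cs3org/reva/v2/pkg/permission/manager/registry"
	"github.com/cs3org/reva/v2/pkg/rgrpc"
	"github.com/mitchellh/mapstructure"
	"github.com/pkg/errors"
	"github.com/rs/zerolog"
	"google.golang.org/grpc"
)

// init registers the service constructor with rgrpc under the name
// "permissions".
func init() {
	rgrpc.Register("permissions", New)
}

// config is the decoded service configuration.
type config struct {
	// Driver names the permission manager to instantiate.
	Driver string `mapstructure:"driver" docs:"localhome;The permission driver to be used."`
	// Drivers holds one raw configuration section per driver name; only the
	// section matching Driver is handed to the manager constructor.
	Drivers map[string]map[string]interface{} `mapstructure:"drivers" docs:"url:pkg/permission/permission.go"`
}

// parseConfig decodes the raw configuration map into a config. It returns
// the decode error, wrapped with context, when the map does not fit the
// struct.
func parseConfig(m map[string]interface{}) (*config, error) {
	c := &config{}
	if err := mapstructure.Decode(m, c); err != nil {
		return nil, errors.Wrap(err, "error decoding conf")
	}
	return c, nil
}

// service implements the PermissionsAPI server by delegating every decision
// to the configured permission manager.
type service struct {
	manager permission.Manager
}

// New returns a new PermissionsServiceServer.
//
// It decodes m, looks up the constructor registered for the configured driver
// in registry.NewFuncs and passes that driver its own section of the drivers
// map. An unknown driver name is an error, so the service never starts
// without a manager. The grpc.Server and logger arguments are not used here.
func New(m map[string]interface{}, ss *grpc.Server, _ *zerolog.Logger) (rgrpc.Service, error) {
	c, err := parseConfig(m)
	if err != nil {
		return nil, err
	}

	f, ok := registry.NewFuncs[c.Driver]
	if !ok {
		return nil, fmt.Errorf("could not get permission manager '%s'", c.Driver)
	}

	// Indexing a nil Drivers map yields a nil section, so a driver without
	// configuration is constructed with a nil map rather than failing here.
	manager, err := f(c.Drivers[c.Driver])
	if err != nil {
		return nil, err
	}

	return &service{manager: manager}, nil
}

// Close is a no-op; the service holds nothing that it releases here.
func (s *service) Close() error {
	return nil
}

// UnprotectedEndpoints returns an empty, non-nil list: no method of this
// service is declared as unprotected.
// NOTE(review): presumably rgrpc therefore applies its authentication
// interceptor to every method of this service; confirm against rgrpc.
func (s *service) UnprotectedEndpoints() []string {
	return []string{}
}

// Register attaches the service to the given gRPC server as the
// PermissionsAPI implementation.
func (s *service) Register(ss *grpc.Server) {
	permissions.RegisterPermissionsAPIServer(ss, s)
}

// CheckPermission asks the permission manager whether the subject named in
// req holds req.Permission on req.Ref.
//
// The decision is reported only through the response status: CODE_OK when the
// manager grants, CODE_PERMISSION_DENIED when it refuses, and
// CODE_INVALID_ARGUMENT when the request carries no subject reference or a
// user/group subject without an id. The returned error is always nil, so
// callers must inspect Status.Code and treat anything other than CODE_OK as a
// denial. ctx is not passed on to the manager.
func (s *service) CheckPermission(ctx context.Context, req *permissions.CheckPermissionRequest) (*permissions.CheckPermissionResponse, error) {
	reject := func(msg string) (*permissions.CheckPermissionResponse, error) {
		return &permissions.CheckPermissionResponse{
			Status: &rpc.Status{Code: rpc.Code_CODE_INVALID_ARGUMENT, Message: msg},
		}, nil
	}

	// The request is decoded from the wire, so every pointer in it may be
	// nil. Dereferencing them unchecked would panic inside an authorization
	// path; answer malformed requests explicitly instead. The getters are
	// nil-safe, so this also covers a nil req.
	subjectRef := req.GetSubjectRef()
	if subjectRef == nil {
		return reject("missing subject reference")
	}

	var subject string
	switch ref := subjectRef.Spec.(type) {
	case *permissions.SubjectReference_UserId:
		if ref == nil || ref.UserId == nil {
			return reject("subject reference carries no user id")
		}
		subject = ref.UserId.OpaqueId
	case *permissions.SubjectReference_GroupId:
		if ref == nil || ref.GroupId == nil {
			return reject("subject reference carries no group id")
		}
		subject = ref.GroupId.OpaqueId
	}
	// NOTE(review): a subject reference with no spec, or an id whose OpaqueId
	// is empty, still reaches the manager with subject == "". Whether that is
	// denied depends entirely on the configured manager; confirm that every
	// driver refuses an empty subject, or reject it here.

	// Start from denial so the only path to CODE_OK is an explicit grant.
	code := rpc.Code_CODE_PERMISSION_DENIED
	if s.manager.CheckPermission(req.Permission, subject, req.Ref) {
		code = rpc.Code_CODE_OK
	}
	return &permissions.CheckPermissionResponse{Status: &rpc.Status{Code: code}}, nil
}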