// Copyright 2018-2021 CERN
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// In applying this license, CERN does not waive the privileges and immunities
// granted to it by virtue of its status as an Intergovernmental Organization
// or submit itself to any jurisdiction.

// Package scope maps the scope names carried in a token to verifier
// functions and checks whether any of a token's scopes grants access to a
// given resource.
package scope

import (
	"context"
	"strings"

	authpb "github.com/cs3org/go-cs3apis/cs3/auth/provider/v1beta1"
	"github.com/cs3org/reva/v2/pkg/appctx"
	"github.com/rs/zerolog"
)

// Verifier is the function signature which every scope verifier should implement.
// It receives the scope under test, the resource being accessed (passed as an
// untyped interface{} value) and a logger, and reports whether the scope
// grants access to that resource. A returned error is treated by VerifyScope
// as "does not grant access".
type Verifier func(context.Context, *authpb.Scope, interface{}, *zerolog.Logger) (bool, error)

// supportedScopes maps a scope name to the verifier that handles it.
// VerifyScope matches the keys of a token's scope map against these names by
// prefix, so an entry added here must not be a prefix of another entry, or a
// single key could be dispatched to two verifiers (none of the current names
// is a prefix of another).
var supportedScopes = map[string]Verifier{
	"user":          userScope,
	"publicshare":   publicshareScope,
	"resourceinfo":  resourceinfoScope,
	"share":         shareScope,
	"receivedshare": receivedShareScope,
	"lightweight":   lightweightAccountScope,
	"ocmshare":      ocmShareScope,
}

// VerifyScope is the function to be called when dismantling tokens to check if
// the token has access to a particular resource.
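//
// Each key of scopeMap is matched by prefix against the names registered in
// supportedScopes, and the first verifier that reports valid==true grants
// access (true, nil). A verifier that returns an error never grants access:
// the error is logged at debug level and the remaining scopes are still
// tried, so a misbehaving verifier fails closed. The returned error is
// currently always nil; callers must rely on the boolean.
func VerifyScope(ctx context.Context, scopeMap map[string]*authpb.Scope, resource interface{}) (bool, error) {
	logger := appctx.GetLogger(ctx)
	for key, scope := range scopeMap {
		for name, verify := range supportedScopes {
			if !strings.HasPrefix(key, name) {
				continue
			}
			valid, err := verify(ctx, scope, resource, logger)
			if err != nil {
				// Fail closed, but record why so that a denied request can be
				// diagnosed instead of the error vanishing silently.
				if logger != nil {
					logger.Debug().Err(err).Str("scope", key).Msg("scope verifier returned an error; scope does not grant access")
				}
				continue
			}
			if valid {
				return true, nil
			}
		}
	}
	return false, nil
}

// hasRoleEditor reports whether scope.Role is one of ROLE_OWNER, ROLE_EDITOR
// or ROLE_UPLOADER. A nil scope carries no role and yields false instead of
// panicking.
func hasRoleEditor(scope *authpb.Scope) bool {
	if scope == nil {
		return false
	}
	switch scope.Role {
	case authpb.Role_ROLE_OWNER, authpb.Role_ROLE_EDITOR, authpb.Role_ROLE_UPLOADER:
		return true
	default:
		return false
	}
}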