github.com/polarismesh/polaris@v1.17.8/auth/defaultauth/group_authability.go

github.com/polarismesh/polaris@v1.17.8/auth/defaultauth/group_authability.go (about)

     1  /**
     2   * Tencent is pleased to support the open source community by making Polaris available.
     3   *
     4   * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
     5   *
     6   * Licensed under the BSD 3-Clause License (the "License");
     7   * you may not use this file except in compliance with the License.
     8   * You may obtain a copy of the License at
     9   *
    10   * https://opensource.org/licenses/BSD-3-Clause
    11   *
    12   * Unless required by applicable law or agreed to in writing, software distributed
    13   * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
    14   * CONDITIONS OF ANY KIND, either express or implied. See the License for the
    15   * specific language governing permissions and limitations under the License.
    16   */
    17  
    18  package defaultauth
    19  
    20  import (
    21  	"context"
    22  
    23  	apimodel "github.com/polarismesh/specification/source/go/api/v1/model"
    24  	apisecurity "github.com/polarismesh/specification/source/go/api/v1/security"
    25  	apiservice "github.com/polarismesh/specification/source/go/api/v1/service_manage"
    26  
    27  	api "github.com/polarismesh/polaris/common/api/v1"
    28  )
    29  
    30  func NewGroupAuthAbility(authMgn *DefaultAuthChecker, target *Server) *GroupAuthAbility {
    31  	return &GroupAuthAbility{
    32  		authMgn: authMgn,
    33  		target:  target,
    34  	}
    35  }
    36  
    37  type GroupAuthAbility struct {
    38  	authMgn *DefaultAuthChecker
    39  	target  *Server
    40  }
    41  
    42  // CreateGroup creates a group.
    43  func (svr *GroupAuthAbility) CreateGroup(ctx context.Context, group *apisecurity.UserGroup) *apiservice.Response {
    44  	ctx, rsp := verifyAuth(ctx, WriteOp, MustOwner, svr.authMgn)
    45  	if rsp != nil {
    46  		rsp.UserGroup = group
    47  		return rsp
    48  	}
    49  
    50  	return svr.target.CreateGroup(ctx, group)
    51  }
    52  
    53  // UpdateGroups updates groups.
    54  func (svr *GroupAuthAbility) UpdateGroups(ctx context.Context,
    55  	reqs []*apisecurity.ModifyUserGroup) *apiservice.BatchWriteResponse {
    56  	ctx, rsp := verifyAuth(ctx, WriteOp, MustOwner, svr.authMgn)
    57  	if rsp != nil {
    58  		resp := api.NewAuthBatchWriteResponse(apimodel.Code_ExecuteSuccess)
    59  		api.Collect(resp, rsp)
    60  		return resp
    61  	}
    62  
    63  	return svr.target.UpdateGroups(ctx, reqs)
    64  }
    65  
    66  // DeleteGroups deletes groups.
    67  func (svr *GroupAuthAbility) DeleteGroups(ctx context.Context,
    68  	reqs []*apisecurity.UserGroup) *apiservice.BatchWriteResponse {
    69  	ctx, rsp := verifyAuth(ctx, WriteOp, MustOwner, svr.authMgn)
    70  	if rsp != nil {
    71  		resp := api.NewAuthBatchWriteResponse(apimodel.Code_ExecuteSuccess)
    72  		api.Collect(resp, rsp)
    73  		return resp
    74  	}
    75  
    76  	return svr.target.DeleteGroups(ctx, reqs)
    77  }
    78  
    79  // GetGroups 查看用户组列表
    80  func (svr *GroupAuthAbility) GetGroups(ctx context.Context,
    81  	query map[string]string) *apiservice.BatchQueryResponse {
    82  	ctx, rsp := verifyAuth(ctx, ReadOp, NotOwner, svr.authMgn)
    83  	if rsp != nil {
    84  		return api.NewAuthBatchQueryResponseWithMsg(apimodel.Code(rsp.GetCode().Value), rsp.Info.Value)
    85  	}
    86  
    87  	return svr.target.GetGroups(ctx, query)
    88  }
    89  
    90  // GetGroup 查看用户组
    91  func (svr *GroupAuthAbility) GetGroup(ctx context.Context, req *apisecurity.UserGroup) *apiservice.Response {
    92  	ctx, rsp := verifyAuth(ctx, WriteOp, NotOwner, svr.authMgn)
    93  	if rsp != nil {
    94  		return rsp
    95  	}
    96  
    97  	return svr.target.GetGroup(ctx, req)
    98  }
    99  
   100  // GetGroupToken 获取用户组token
   101  func (svr *GroupAuthAbility) GetGroupToken(ctx context.Context, req *apisecurity.UserGroup) *apiservice.Response {
   102  	ctx, rsp := verifyAuth(ctx, ReadOp, NotOwner, svr.authMgn)
   103  	if rsp != nil {
   104  		return rsp
   105  	}
   106  
   107  	return svr.target.GetGroupToken(ctx, req)
   108  }
   109  
   110  // UpdateGroupToken 更新用户组token
   111  func (svr *GroupAuthAbility) UpdateGroupToken(ctx context.Context, group *apisecurity.UserGroup) *apiservice.Response {
   112  	ctx, rsp := verifyAuth(ctx, WriteOp, MustOwner, svr.authMgn)
   113  	if rsp != nil {
   114  		rsp.UserGroup = group
   115  		return rsp
   116  	}
   117  
   118  	return svr.target.UpdateGroupToken(ctx, group)
   119  }
   120  
   121  // ResetGroupToken 重置用户组token
   122  func (svr *GroupAuthAbility) ResetGroupToken(ctx context.Context, group *apisecurity.UserGroup) *apiservice.Response {
   123  	ctx, rsp := verifyAuth(ctx, WriteOp, MustOwner, svr.authMgn)
   124  	if rsp != nil {
   125  		rsp.UserGroup = group
   126  		return rsp
   127  	}
   128  
   129  	return svr.target.ResetGroupToken(ctx, group)
   130  }