github.com/polarismesh/polaris@v1.17.8/auth/defaultauth/strategy_authability.go

github.com/polarismesh/polaris@v1.17.8/auth/defaultauth/strategy_authability.go (about)

     1  /**
     2   * Tencent is pleased to support the open source community by making Polaris available.
     3   *
     4   * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
     5   *
     6   * Licensed under the BSD 3-Clause License (the "License");
     7   * you may not use this file except in compliance with the License.
     8   * You may obtain a copy of the License at
     9   *
    10   * https://opensource.org/licenses/BSD-3-Clause
    11   *
    12   * Unless required by applicable law or agreed to in writing, software distributed
    13   * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
    14   * CONDITIONS OF ANY KIND, either express or implied. See the License for the
    15   * specific language governing permissions and limitations under the License.
    16   */
    17  
    18  package defaultauth
    19  
    20  import (
    21  	"context"
    22  
    23  	apimodel "github.com/polarismesh/specification/source/go/api/v1/model"
    24  	apisecurity "github.com/polarismesh/specification/source/go/api/v1/security"
    25  	apiservice "github.com/polarismesh/specification/source/go/api/v1/service_manage"
    26  
    27  	"github.com/polarismesh/polaris/auth"
    28  	"github.com/polarismesh/polaris/cache"
    29  	api "github.com/polarismesh/polaris/common/api/v1"
    30  	"github.com/polarismesh/polaris/common/model"
    31  	"github.com/polarismesh/polaris/plugin"
    32  	"github.com/polarismesh/polaris/store"
    33  )
    34  
    35  func NewStrategyAuthAbility(authMgn *DefaultAuthChecker, target *Server) *StrategyAuthAbility {
    36  	return &StrategyAuthAbility{
    37  		authMgn: authMgn,
    38  		target:  target,
    39  	}
    40  }
    41  
    42  type StrategyAuthAbility struct {
    43  	authMgn *DefaultAuthChecker
    44  	target  *Server
    45  }
    46  
    47  // Initialize 执行初始化动作
    48  func (svr *StrategyAuthAbility) Initialize(authOpt *auth.Config, storage store.Store,
    49  	cacheMgn *cache.CacheManager) error {
    50  	var (
    51  		history = plugin.GetHistory()
    52  		authMgn = &DefaultAuthChecker{}
    53  	)
    54  	if err := authMgn.Initialize(authOpt, storage, cacheMgn); err != nil {
    55  		return err
    56  	}
    57  
    58  	svr.authMgn = authMgn
    59  	svr.target = &Server{
    60  		storage:  storage,
    61  		history:  history,
    62  		cacheMgn: cacheMgn,
    63  		authMgn:  authMgn,
    64  	}
    65  	return nil
    66  }
    67  
    68  // Name of the user operator plugin
    69  func (svr *StrategyAuthAbility) Name() string {
    70  	return auth.DefaultStrategyMgnPluginName
    71  }
    72  
    73  // CreateStrategy creates a new strategy.
    74  func (svr *StrategyAuthAbility) CreateStrategy(
    75  	ctx context.Context, strategy *apisecurity.AuthStrategy) *apiservice.Response {
    76  	ctx, rsp := verifyAuth(ctx, WriteOp, MustOwner, svr.authMgn)
    77  	if rsp != nil {
    78  		rsp.AuthStrategy = strategy
    79  		return rsp
    80  	}
    81  
    82  	return svr.target.CreateStrategy(ctx, strategy)
    83  }
    84  
    85  // UpdateStrategies update a strategy.
    86  func (svr *StrategyAuthAbility) UpdateStrategies(ctx context.Context,
    87  	reqs []*apisecurity.ModifyAuthStrategy) *apiservice.BatchWriteResponse {
    88  	ctx, rsp := verifyAuth(ctx, WriteOp, MustOwner, svr.authMgn)
    89  	if rsp != nil {
    90  		resp := api.NewAuthBatchWriteResponse(apimodel.Code_ExecuteSuccess)
    91  		api.Collect(resp, rsp)
    92  		return resp
    93  	}
    94  
    95  	return svr.target.UpdateStrategies(ctx, reqs)
    96  }
    97  
    98  // DeleteStrategies delete strategy.
    99  func (svr *StrategyAuthAbility) DeleteStrategies(ctx context.Context,
   100  	reqs []*apisecurity.AuthStrategy) *apiservice.BatchWriteResponse {
   101  	ctx, rsp := verifyAuth(ctx, WriteOp, MustOwner, svr.authMgn)
   102  	if rsp != nil {
   103  		resp := api.NewAuthBatchWriteResponse(apimodel.Code_ExecuteSuccess)
   104  		api.Collect(resp, rsp)
   105  		return resp
   106  	}
   107  
   108  	return svr.target.DeleteStrategies(ctx, reqs)
   109  }
   110  
   111  // GetStrategies get strategy list .
   112  func (svr *StrategyAuthAbility) GetStrategies(ctx context.Context,
   113  	query map[string]string) *apiservice.BatchQueryResponse {
   114  	ctx, rsp := verifyAuth(ctx, ReadOp, NotOwner, svr.authMgn)
   115  	if rsp != nil {
   116  		return api.NewAuthBatchQueryResponseWithMsg(apimodel.Code(rsp.GetCode().Value), rsp.Info.Value)
   117  	}
   118  
   119  	return svr.target.GetStrategies(ctx, query)
   120  }
   121  
   122  // GetStrategy get strategy.
   123  func (svr *StrategyAuthAbility) GetStrategy(
   124  	ctx context.Context, strategy *apisecurity.AuthStrategy) *apiservice.Response {
   125  	ctx, rsp := verifyAuth(ctx, ReadOp, NotOwner, svr.authMgn)
   126  	if rsp != nil {
   127  		return rsp
   128  	}
   129  
   130  	return svr.target.GetStrategy(ctx, strategy)
   131  }
   132  
   133  // GetPrincipalResources get principal resources.
   134  func (svr *StrategyAuthAbility) GetPrincipalResources(ctx context.Context, query map[string]string) *apiservice.Response {
   135  	ctx, rsp := verifyAuth(ctx, ReadOp, NotOwner, svr.authMgn)
   136  	if rsp != nil {
   137  		return rsp
   138  	}
   139  
   140  	return svr.target.GetPrincipalResources(ctx, query)
   141  }
   142  
   143  // GetAuthChecker 获取鉴权管理器
   144  func (svr *StrategyAuthAbility) GetAuthChecker() auth.AuthChecker {
   145  	return svr.authMgn
   146  }
   147  
   148  // AfterResourceOperation is called after resource operation
   149  func (svr *StrategyAuthAbility) AfterResourceOperation(afterCtx *model.AcquireContext) error {
   150  	return svr.target.AfterResourceOperation(afterCtx)
   151  }