package lang
// APIPolicy is the API-facing representation of a Policy, intended to carry
// only what a specific user is allowed to see.
type APIPolicy struct {
	// Namespace holds one APIPolicyNamespace per key; the key is presumably
	// the namespace name (confirm against the code that populates it).
	Namespace map[string]*APIPolicyNamespace
}
// APIPolicyNamespace is the API-facing representation of a PolicyNamespace,
// intended to carry only what a specific user is allowed to see. Each map
// holds one kind of policy object.
//
// NOTE(review): the type itself enforces nothing; whether an entry is
// appropriate for the requesting user depends entirely on the code that fills
// these maps.
type APIPolicyNamespace struct {
	Bundles  map[string]*Bundle
	Services map[string]*Service
	// Clusters is the only map that PolicyView.APIPolicy passes through a
	// per-user filter in this file.
	Clusters map[string]*Cluster
	Rules    map[string]*Rule
	ACLRules map[string]*Rule
	Claims   map[string]*Claim
}
// APIPolicy returns the API representation of the policy.
//
// It is currently a stub: it ignores the receiver and returns an empty
// APIPolicy whose Namespace map is nil, so no policy objects are exposed
// through it yet.
//
// TODO: implement. Once this returns real data, callers that mutate the
// result (PolicyView.APIPolicy replaces each namespace's Clusters map) need it
// to hand out fresh APIPolicyNamespace values rather than pointers shared with
// the underlying Policy.
func (policy *Policy) APIPolicy() *APIPolicy {
	return new(APIPolicy)
}
// APIPolicy returns the API representation of the underlying policy as seen
// by this view's user.
//
// Only the Clusters map of each namespace is passed through a per-user filter
// here; Bundles, Services, Rules, ACLRules and Claims are returned exactly as
// Policy.APIPolicy produced them.
// NOTE(review): confirm that those kinds are either filtered upstream or safe
// to show to every user before Policy.APIPolicy starts returning real data.
func (view *PolicyView) APIPolicy() *APIPolicy {
	apiPolicy := view.Policy.APIPolicy()
	for _, ns := range apiPolicy.Namespace {
		// ns is a pointer, so this replaces the Clusters map on the namespace
		// object that Policy.APIPolicy returned.
		ns.Clusters = view.filterClusters(ns.Clusters)
	}
	return apiPolicy
}
// filterClusters returns a new map holding this user's view of each cluster
// in clusters. Entries for which filterCluster returns nil are left out, so
// clusters the user has no access to do not appear even by key.
func (view *PolicyView) filterClusters(clusters map[string]*Cluster) map[string]*Cluster {
	visible := map[string]*Cluster{}
	for key, cluster := range clusters {
		if filtered := view.filterCluster(cluster); filtered != nil {
			visible[key] = filtered
		}
	}
	return visible
}
// filterCluster returns this user's view of a single cluster, or nil when the
// user has no access to it.
//
// A nil result from ManageObject or ViewObject is treated as "allowed". A user
// who can manage the cluster gets the original object; a user who can only
// view it gets a copy whose Config is replaced with the placeholder "hidden".
func (view *PolicyView) filterCluster(cluster *Cluster) *Cluster {
	switch {
	case view.ManageObject(cluster) == nil:
		// Managers get the caller's *Cluster itself, not a copy.
		return cluster
	case view.ViewObject(cluster) == nil:
		// Redaction is applied to the value MakeCopy returns; presumably that
		// is a distinct object, so the original keeps its Config.
		// NOTE(review): Config is the only field overwritten here. Any other
		// sensitive field on Cluster would presumably be carried over by
		// MakeCopy; confirm none exists.
		redacted := cluster.MakeCopy()
		redacted.Config = "hidden"
		return redacted
	default:
		// Neither check passed: return nothing rather than a partial view.
		return nil
	}
}