package processors
import (
"fmt"
"net/http"
"go.aporeto.io/a3s/pkgs/api"
"go.aporeto.io/a3s/pkgs/authorizer"
"go.aporeto.io/a3s/pkgs/bearermanip"
"go.aporeto.io/a3s/pkgs/importing"
"go.aporeto.io/a3s/pkgs/permissions"
"go.aporeto.io/a3s/pkgs/token"
"go.aporeto.io/bahamut"
"go.aporeto.io/elemental"
)
// ImportProcessor is a bahamut processor for Import.
type ImportProcessor struct {
	// bmanipMaker is called with the request context to obtain the
	// manipulator that ProcessCreate passes to importing.Import.
	bmanipMaker bearermanip.MakerFunc

	// authz is consulted by ProcessCreate to check the caller's permissions
	// on each imported category before anything is imported.
	authz authorizer.Authorizer
}
// NewImportProcessor returns a new ImportProcessor that uses bmanipMaker to
// build manipulators and authz to check permissions.
func NewImportProcessor(bmanipMaker bearermanip.MakerFunc, authz authorizer.Authorizer) *ImportProcessor {
	p := new(ImportProcessor)
	p.bmanipMaker = bmanipMaker
	p.authz = authz
	return p
}
// ProcessCreate handles create requests for Import.
//
// The payload groups several lists of objects (LDAP, OIDC, A3S, MTLS and
// HTTP sources, and authorizations). Every non-empty list is authorized
// before anything is imported: the caller must hold "retrieve-many",
// "create" and "delete" on the list's category in the request namespace,
// checked with the restrictions carried by the request token and the client
// IP. The import loop only starts once every list has passed, so a denied
// category stops the request before any list is imported.
//
// It returns a 403 elemental error when a permission is denied, and
// otherwise returns the first error from GetRestrictions, CheckAuthorization
// or importing.Import unchanged.
//
// NOTE(review): lists are imported one after another; if a later call to
// importing.Import fails, earlier lists appear to stay applied. Confirm
// whether callers rely on all-or-nothing behavior.
//
// NOTE(review): authorization here is per category and namespace only.
// Presumably importing.Import pins every object to the request namespace and
// label; confirm that, and confirm that imported objects (Authorizations in
// particular) receive the same validation as on their dedicated create path.
func (p *ImportProcessor) ProcessCreate(bctx bahamut.Context) error {

	// Unchecked assertion: this panics if the input data is not an *api.Import.
	payload := bctx.InputData().(*api.Import)
	namespace := bctx.Request().Namespace

	batches := []elemental.Identifiables{
		payload.LDAPSources,
		payload.OIDCSources,
		payload.A3SSources,
		payload.MTLSSources,
		payload.HTTPSources,
		payload.Authorizations,
	}

	restrictions, err := permissions.GetRestrictions(token.FromRequest(bctx.Request()))
	if err != nil {
		return err
	}

	// All three actions are required for every non-empty list, whatever the
	// value of the "delete" request parameter.
	required := []string{"retrieve-many", "create", "delete"}

	// Phase 1: authorize every non-empty list before touching any data.
	for _, batch := range batches {

		if len(batch.List()) == 0 {
			continue
		}

		for _, action := range required {

			allowed, err := p.authz.CheckAuthorization(
				bctx.Context(),
				bctx.Claims(),
				action,
				namespace,
				batch.Identity().Category,
				authorizer.OptionCheckRestrictions(restrictions),
				authorizer.OptionCheckSourceIP(bctx.Request().ClientIP),
			)
			if err != nil {
				return err
			}
			if allowed {
				continue
			}

			return elemental.NewError(
				"Permission Denied",
				fmt.Sprintf("You don't have the permission to '%s' on '%s'", action, batch.Identity().Category),
				"a3s:import",
				http.StatusForbidden,
			)
		}
	}

	// Phase 2: import each non-empty list, stopping at the first failure.
	for _, batch := range batches {

		if len(batch.List()) == 0 {
			continue
		}

		err := importing.Import(
			bctx.Context(),
			api.Manager(),
			p.bmanipMaker(bctx),
			namespace,
			payload.Label,
			batch,
			bctx.Request().Parameters.Get("delete").BoolValue(),
		)
		if err != nil {
			return err
		}
	}

	return nil
}