base_authorizer.go
package authz
import (
"context"
httpsec "github.com/Peripli/service-manager/pkg/security/http"
"github.com/Peripli/service-manager/pkg/web"
)
// baseAuthorizer is an authorizer that hands the access decision for
// Bearer-authenticated users to a caller-supplied function.
type baseAuthorizer struct {
	// userProcessingFunc is called by Authorize with the request context and
	// the user found in it. The decision, access level and error it returns
	// are passed back to the caller of Authorize unchanged.
	userProcessingFunc func(context.Context, *web.UserContext) (httpsec.Decision, web.AccessLevel, error)
}
// NewBaseAuthorizer returns a baseAuthorizer that delegates its decisions to
// userProcessingFunc.
//
// The function is stored as given and is not checked for nil here. Authorize
// calls it for every Bearer-authenticated user, so a nil value would panic at
// request time rather than at construction time.
func NewBaseAuthorizer(userProcessingFunc func(context.Context, *web.UserContext) (httpsec.Decision, web.AccessLevel, error)) *baseAuthorizer {
	authorizer := new(baseAuthorizer)
	authorizer.userProcessingFunc = userProcessingFunc
	return authorizer
}
// Authorize produces an authorization decision and access level for request.
//
// It returns (httpsec.Abstain, web.NoAccess, nil) when the request context
// carries no user or when the user's AuthenticationType is not web.Bearer.
// Otherwise it returns whatever userProcessingFunc returns for that user. On
// success the user is also stored back into the request's context.
//
// NOTE(review): Abstain is not a denial. Confirm that the surrounding
// authorization chain rejects requests for which every authorizer abstains.
func (a *baseAuthorizer) Authorize(request *web.Request) (httpsec.Decision, web.AccessLevel, error) {
	reqCtx := request.Context()

	// This authorizer only has an opinion about Bearer (OAuth) users. The
	// short-circuit on !found keeps currentUser from being dereferenced when
	// no user is present.
	currentUser, found := web.UserFromContext(reqCtx)
	if !found || currentUser.AuthenticationType != web.Bearer {
		return httpsec.Abstain, web.NoAccess, nil
	}

	verdict, level, err := a.userProcessingFunc(reqCtx, currentUser)
	if err == nil {
		// Only the success path re-attaches the user to the request context.
		request.Request = request.WithContext(web.ContextWithUser(reqCtx, currentUser))
	}

	// Denying with an error is allowed, so the decision and access level are
	// returned together with err instead of being replaced on failure.
	return verdict, level, err
}