forked from digota/digota
/
acl.go
102 lines (94 loc) · 2.75 KB
/
acl.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
// Digota <http://digota.com> - eCommerce microservice
// Copyright (c) 2018 Yaron Sumel <yaron@digota.com>
//
// MIT License
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in all
// copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
// SOFTWARE.
package acl
import (
"github.com/digota/digota/client"
"github.com/digota/digota/order"
"github.com/digota/digota/payment"
"github.com/digota/digota/product"
"github.com/digota/digota/sku"
"golang.org/x/net/context"
"regexp"
)
// SkipAuth is
var skipAuth = false
// SkipAuth set skipAuth flag to true
func SetSkipAuth() {
skipAuth = true
}
// GetSkipAuth get flag
func SkipAuth() bool {
return skipAuth
}
var accessMap = map[client.Scope][][]*regexp.Regexp{
// All methods
client.WildcardScope: {
[]*regexp.Regexp{
regexp.MustCompile("(.*)"),
},
},
// Public methods
client.PublicScope: {
//auth.PublicMethods(),
},
// Write only methods
client.WriteScope: {
payment.WriteMethods(),
sku.WriteMethods(),
order.WriteMethods(),
product.WriteMethods(),
},
// Read only methods
client.ReadScope: {
payment.ReadMethods(),
sku.ReadMethods(),
order.ReadMethods(),
product.ReadMethods(),
},
}
// getAccessMap return access map for specific client
func getAccessMap(c *client.Client) [][]*regexp.Regexp {
var m [][]*regexp.Regexp
// append public scope
m = append(m, accessMap[client.PublicScope]...)
if c == nil {
return m
}
for _, v := range c.Scopes {
if methods, ok := accessMap[v]; ok {
m = append(m, methods...)
}
}
return m
}
// CanAccessMethod check if user can access fullMethod by getting its accessMap
func CanAccessMethod(ctx context.Context, fullMethod string) bool {
u, _ := client.FromContext(ctx)
for _, v := range getAccessMap(u) {
for _, r := range v {
if r.MatchString(fullMethod) {
return true
}
}
}
return false
}