-
Notifications
You must be signed in to change notification settings - Fork 45
/
types.go
102 lines (89 loc) · 1.89 KB
/
types.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
package types
import (
"regexp"
"cosmossdk.io/math"
sdk "github.com/cosmos/cosmos-sdk/types"
gnfd "github.com/bnb-chain/greenfield/types"
"github.com/bnb-chain/greenfield/types/resource"
)
type (
Int = math.Int
Uint = math.Uint
)
func NewDefaultPolicyForGroupMember(groupID math.Uint, member sdk.AccAddress) *Policy {
return &Policy{
ResourceType: resource.RESOURCE_TYPE_GROUP,
ResourceId: groupID,
MemberStatement: NewMemberStatement(),
}
}
func (p *Policy) Eval(action ActionType, resource *string) Effect {
allowed := false
for _, s := range p.Statements {
e := s.Eval(action, resource)
if e == EFFECT_DENY {
return e
} else if e == EFFECT_ALLOW {
allowed = true
}
}
if allowed {
return EFFECT_ALLOW
}
return EFFECT_PASS
}
func (p *Policy) GetGroupMemberStatement() (*Statement, bool) {
for _, s := range p.Statements {
for _, act := range s.Actions {
if act == ACTION_GROUP_MEMBER {
return s, true
}
}
}
return nil, false
}
func NewMemberStatement() *Statement {
return &Statement{
Effect: EFFECT_ALLOW,
Resources: nil,
Actions: []ActionType{ACTION_GROUP_MEMBER},
}
}
func (s *Statement) Eval(action ActionType, resource *string) Effect {
if resource != nil && s.Resources == nil {
return EFFECT_PASS
}
if s.Resources != nil && resource != nil {
isMatch := false
for _, res := range s.Resources {
reg := regexp.MustCompile(res)
if reg == nil {
continue
}
matchRes := reg.MatchString(*resource)
if matchRes {
isMatch = matchRes
break
}
}
if !isMatch {
return EFFECT_PASS
}
}
for _, act := range s.Actions {
if act == action || act == ACTION_TYPE_ALL {
return s.Effect
}
}
return EFFECT_PASS
}
func (s *Statement) ValidateBasic() error {
for _, r := range s.Resources {
var grn gnfd.GRN
err := grn.ParseFromString(r, true)
if err != nil {
return err
}
}
return nil
}