-
Notifications
You must be signed in to change notification settings - Fork 9
/
organization.go
171 lines (141 loc) · 4.22 KB
/
organization.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
// -*- Mode: Go; indent-tabs-mode: t -*-
/*
* This file is part of the IoT Management Service
* Copyright 2019 Canonical Ltd.
*
* This program is free software: you can redistribute it and/or modify it
* under the terms of the GNU Affero General Public License version 3, as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranties of MERCHANTABILITY,
* SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package memory
import (
"fmt"
"github.com/canonical/iot-management/datastore"
)
// OrgUserAccess checks if the user has permissions to access the organization
func (mem *Store) OrgUserAccess(orgID, username string, role int) bool {
mem.lock.Lock()
defer mem.lock.Unlock()
// Superusers can access all accounts
if role == datastore.Superuser {
return true
}
for _, ou := range mem.OrgUsers {
if ou.OrganizationID == orgID && ou.Username == username {
return true
}
}
return false
}
// OrganizationsForUser returns the organizations a user can access
func (mem *Store) OrganizationsForUser(username string) ([]datastore.Organization, error) {
mem.lock.RLock()
defer mem.lock.RLock()
orgs := []datastore.Organization{}
if username == "invalid" {
return nil, fmt.Errorf("error finding user `%s`", username)
}
for _, ou := range mem.OrgUsers {
if ou.Username != username {
continue
}
o, err := mem.OrganizationGet(ou.OrganizationID)
if err != nil {
return nil, err
}
orgs = append(orgs, o)
}
return orgs, nil
}
// OrganizationGet returns an organization
func (mem *Store) OrganizationGet(orgID string) (datastore.Organization, error) {
mem.lock.RLock()
defer mem.lock.RUnlock()
return mem.organizationGet(orgID)
}
// organizationGet returns an organization without locking the store
func (mem *Store) organizationGet(orgID string) (datastore.Organization, error) {
for _, o := range mem.Orgs {
if o.OrganizationID == orgID {
return o, nil
}
}
return datastore.Organization{}, fmt.Errorf("error finding organization `%s`", orgID)
}
// OrganizationCreate creates a new organization
func (mem *Store) OrganizationCreate(org datastore.Organization) error {
mem.lock.Lock()
defer mem.lock.Unlock()
_, err := mem.organizationGet(org.OrganizationID)
if err == nil {
return fmt.Errorf("organization already exists `%s`", org.OrganizationID)
}
mem.Orgs = append(mem.Orgs, org)
return nil
}
// OrganizationUpdate updates an organization
func (mem *Store) OrganizationUpdate(org datastore.Organization) error {
mem.lock.Lock()
defer mem.lock.Unlock()
found := false
orgs := []datastore.Organization{}
for _, o := range mem.Orgs {
if o.OrganizationID == org.OrganizationID {
orgs = append(orgs, org)
found = true
continue
}
orgs = append(orgs, o)
}
if !found {
return fmt.Errorf("organization not found: %s", org.OrganizationID)
}
mem.Orgs = orgs
return nil
}
//OrganizationForUserToggle toggles the user access for an organization
func (mem *Store) OrganizationForUserToggle(orgID, username string) error {
err := mem.removeOrgUserAccess(orgID, username)
if err != nil {
// Create it as it didn't exist
return mem.addOrgUserAccess(orgID, username)
}
return nil
}
// removeOrgUserAccess remove access to an organization for a user
func (mem *Store) removeOrgUserAccess(orgID, username string) error {
mem.lock.Lock()
defer mem.lock.Unlock()
found := false
oo := []datastore.OrganizationUser{}
for _, ou := range mem.OrgUsers {
if ou.OrganizationID == orgID && ou.Username == username {
found = true
continue
}
oo = append(oo, ou)
}
if !found {
return fmt.Errorf("record not found")
}
mem.OrgUsers = oo
return nil
}
// addOrgUserAccess adds access to an organization for a user
func (mem *Store) addOrgUserAccess(orgID, username string) error {
mem.lock.Lock()
defer mem.lock.Unlock()
mem.OrgUsers = append(mem.OrgUsers, datastore.OrganizationUser{
OrganizationID: orgID,
Username: username,
})
return nil
}