access.go
package middleware
import (
"github.com/containerum/cherry/adaptors/gonic"
"github.com/containerum/events-api/pkg/eaerrors"
"github.com/containerum/events-api/pkg/models/headers"
"github.com/containerum/utils/httputil"
"github.com/gin-gonic/gin"
)
// AccessLevel is the string form of a per-namespace permission level, as
// compared against the Access value carried in the user's namespace data.
type AccessLevel string

// Permission levels recognised by the access middleware.
const (
	levelOwner      AccessLevel = "owner"
	levelWrite      AccessLevel = "write"
	levelReadDelete AccessLevel = "read-delete"
	levelRead       AccessLevel = "read"
)

var (
	// readLevels lists every level that is accepted by ReadAccess.
	readLevels = []AccessLevel{levelOwner, levelWrite, levelReadDelete, levelRead}

	// writeLevels lists every level that is accepted by WriteAccess.
	// levelReadDelete and levelRead are deliberately absent from this list.
	writeLevels = []AccessLevel{levelOwner, levelWrite}
)
// ReadAccess is a gin handler that checks whether the caller may read the
// namespace named by the "namespace" route parameter.
//
// The namespace check runs only when the role header
// (httputil.UserRoleXHeader) equals RoleUser. For such a caller the
// namespace must appear in the UserNamespaces context value and its Access
// must be one of readLevels. A namespace missing from the caller's list is
// answered with ErrResourceNotExists; a listed namespace with an
// insufficient level is answered with ErrAccessError.
//
// NOTE(review): any other role value, including an absent header, passes
// without a namespace check. The decision is therefore only as trustworthy
// as whatever sets that header — presumably a gateway in front of this
// service overwrites it; confirm that clients cannot supply it themselves.
func ReadAccess(c *gin.Context) {
	requested := c.Param("namespace")
	if c.GetHeader(httputil.UserRoleXHeader) != RoleUser {
		return
	}

	// MustGet panics when the key was never set, and the unchecked type
	// assertion panics on a different type, so this handler relies on an
	// earlier handler having stored the namespace list.
	granted := c.MustGet(UserNamespaces).(*UserHeaderDataMap)

	var match *headers.UserHeaderData
	for _, entry := range *granted {
		if entry.ID == requested {
			match = &entry
			break
		}
	}

	// NOTE(review): gonic.Gonic presumably writes the error response and
	// aborts the handler chain — confirm, since a denial that does not abort
	// would let later handlers run.
	switch {
	case match == nil:
		gonic.Gonic(eaerrors.ErrResourceNotExists(), c)
	case !containsAccess(match.Access, readLevels...):
		gonic.Gonic(eaerrors.ErrAccessError(), c)
	}
}
// WriteAccess is a gin handler that checks whether the caller may modify the
// namespace named by the "namespace" route parameter.
//
// The namespace check runs only when the role header
// (httputil.UserRoleXHeader) equals RoleUser. For such a caller the
// namespace must appear in the UserNamespaces context value and its Access
// must be one of writeLevels. A namespace missing from the caller's list is
// answered with ErrResourceNotExists; a listed namespace with an
// insufficient level is answered with ErrAccessError.
//
// NOTE(review): any other role value, including an absent header, passes
// without a namespace check. The decision is therefore only as trustworthy
// as whatever sets that header — presumably a gateway in front of this
// service overwrites it; confirm that clients cannot supply it themselves.
func WriteAccess(c *gin.Context) {
	requested := c.Param("namespace")
	if c.GetHeader(httputil.UserRoleXHeader) != RoleUser {
		return
	}

	// MustGet panics when the key was never set, and the unchecked type
	// assertion panics on a different type, so this handler relies on an
	// earlier handler having stored the namespace list.
	granted := c.MustGet(UserNamespaces).(*UserHeaderDataMap)

	var match *headers.UserHeaderData
	for _, entry := range *granted {
		if entry.ID == requested {
			match = &entry
			break
		}
	}

	// NOTE(review): gonic.Gonic presumably writes the error response and
	// aborts the handler chain — confirm, since a denial that does not abort
	// would let later handlers run.
	switch {
	case match == nil:
		gonic.Gonic(eaerrors.ErrResourceNotExists(), c)
	case !containsAccess(match.Access, writeLevels...):
		gonic.Gonic(eaerrors.ErrAccessError(), c)
	}
}
// containsAccess reports whether access, taken as an AccessLevel, is equal
// to one of the levels in in. The comparison is an exact, case-sensitive
// string match, so an empty or unrecognised access value matches nothing
// unless the same value was passed in in.
func containsAccess(access string, in ...AccessLevel) bool {
	for i := range in {
		if string(in[i]) == access {
			return true
		}
	}
	return false
}