This repository has been archived by the owner on Apr 7, 2019. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 30
/
directory.go
61 lines (48 loc) · 1.59 KB
/
directory.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
/*
Copyright (C) 2016 H2O.ai, Inc. <http://h2o.ai/>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package data
import (
"github.com/h2oai/steam/master/az"
"github.com/pkg/errors"
)
// --- Datastore-backed Directory Impl ---
func (ds *Datastore) Lookup(name string) (az.Principal, error) {
identity, err := ds.readIdentityAndPassword(name)
if err != nil {
return nil, errors.Wrap(err, "failed reading identity with password")
}
if identity == nil {
return nil, nil
}
roleNames, err := ds.readRoleNamesForIdentity(identity.Id)
if err != nil {
return nil, err
}
isSuperuser := false
for _, roleName := range roleNames {
if roleName == SuperuserRoleName {
isSuperuser = true
break
}
}
permissionIds, err := ds.readPermissionsForIdentity(identity.Id)
if err != nil {
return nil, err
}
permissions := make(map[int64]bool)
for _, permissionId := range permissionIds {
permissions[permissionId] = true
}
return &Principal{ds, identity, permissions, isSuperuser}, nil
}