/*
* Copyright (c) 2019. Abstrium SAS <team (at) pydio.com>
* This file is part of Pydio Cells.
*
* Pydio Cells is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Pydio Cells is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Pydio Cells. If not, see <http://www.gnu.org/licenses/>.
*
* The latest code can be found at <https://pydio.com>.
*/
package permissions
import (
	"context"
	"fmt"
	"path"
	"strconv"
	"strings"

	"github.com/micro/go-micro/metadata"
	"github.com/pydio/cells/common/auth/claim"
	"github.com/pydio/cells/common/proto/idm"
	"github.com/pydio/cells/common/proto/tree"
	"github.com/pydio/cells/common/service/context"
)
// Keys written into the policy context map by PolicyContextFromNode so that
// policy conditions can be evaluated against properties of the target node.
const (
	PolicyNodeMetaName      = "NodeMetaName"      // node "name" meta
	PolicyNodeMetaPath      = "NodeMetaPath"      // node path as stored on the node
	PolicyNodeMetaExtension = "NodeMetaExtension" // file extension without the leading dot
	PolicyNodeMetaSize      = "NodeMetaSize"
	PolicyNodeMetaMTime     = "NodeMetaMTime"
	// Todo - Problem, usermeta are not loaded at this point
	// NOTE(review): looks like a prefix reserved for user-defined meta keys, but
	// nothing in this file writes any key under it — confirm before relying on it.
	PolicyNodeMeta_ = "NodeMeta:"
)
// PolicyRequestSubjectsFromUser builds an array of string subjects from the passed User.
//
// The subjects are, in order: "user:<login>", exactly one "profile:<p>" entry
// (the "profile" attribute when the key is present, "profile:standard"
// otherwise) and one "role:<uuid>" entry per role attached to the user.
//
// NOTE(review): the profile subject is read straight from user.Attributes and
// feeds policy matching; whether a user can edit that attribute themselves is
// decided elsewhere — confirm only privileged callers can set it.
func PolicyRequestSubjectsFromUser(user *idm.User) []string {
	out := make([]string, 0, 2+len(user.Roles))
	out = append(out, "user:"+user.Login)

	profile := "standard"
	if attr, found := user.Attributes["profile"]; found {
		profile = attr
	}
	out = append(out, "profile:"+profile)

	for _, role := range user.Roles {
		out = append(out, "role:"+role.Uuid)
	}
	return out
}
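// PolicyRequestSubjectsFromClaims builds an array of string subjects from the passed Claims.
//
// Mirrors PolicyRequestSubjectsFromUser: "user:<name>", then "profile:<p>"
// (falling back to "profile:standard" when the claim is empty), then one
// "role:<uuid>" per comma-separated entry of claims.Roles. Empty entries —
// which strings.Split produces for an empty Roles claim or for doubled or
// trailing commas — are skipped, so a bare "role:" subject is never emitted.
func PolicyRequestSubjectsFromClaims(claims claim.Claims) []string {
	subjects := []string{
		fmt.Sprintf("user:%s", claims.Name),
	}

	profile := claims.Profile
	if profile == "" {
		profile = "standard"
	}
	subjects = append(subjects, fmt.Sprintf("profile:%s", profile))

	for _, r := range strings.Split(claims.Roles, ",") {
		// strings.Split("", ",") is [""]; the original code turned that into a
		// spurious "role:" subject.
		if r == "" {
			continue
		}
		subjects = append(subjects, fmt.Sprintf("role:%s", r))
	}
	return subjects
}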
// PolicyContextFromMetadata extracts metadata directly from the context and enriches the passed policyContext.
//
// Only a fixed allow-list of keys is copied (remote address, user agent,
// content type, protocol, client time, server time); any other metadata
// carried by the context is ignored. When the context holds no metadata at
// all, policyContext is left untouched. policyContext must be a non-nil map.
//
// NOTE(review): which of these values are client-controlled (the remote
// address when behind a proxy, ClientTime) is not visible from here — a policy
// that conditions on them trusts the caller unless the transport sanitizes them.
func PolicyContextFromMetadata(policyContext map[string]string, ctx context.Context) {
	meta, ok := metadata.FromContext(ctx)
	if !ok {
		return
	}

	wanted := [...]string{
		servicecontext.HttpMetaRemoteAddress,
		servicecontext.HttpMetaUserAgent,
		servicecontext.HttpMetaContentType,
		servicecontext.HttpMetaProtocol,
		servicecontext.ClientTime,
		servicecontext.ServerTime,
	}
	for _, k := range wanted {
		v, present := meta[k]
		if !present {
			continue
		}
		policyContext[k] = v
	}
}
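// PolicyContextFromNode extracts metadata from the Node and enriches the passed policyContext.
//
// It sets the NodeMeta* keys: the node's "name" meta, its path, its mtime and
// size rendered as decimal integers, and the path extension without the
// leading dot. policyContext must be a non-nil map.
func PolicyContextFromNode(policyContext map[string]string, node *tree.Node) {
	policyContext[PolicyNodeMetaName] = node.GetStringMeta("name")
	policyContext[PolicyNodeMetaPath] = node.Path
	// string(int64) yields the rune with that code point, not its decimal
	// text (go vet: stringintconv), so a policy comparing on size or mtime
	// could never match the intended value. Format the integers properly.
	policyContext[PolicyNodeMetaMTime] = strconv.FormatInt(node.MTime, 10)
	policyContext[PolicyNodeMetaSize] = strconv.FormatInt(node.Size, 10)
	policyContext[PolicyNodeMetaExtension] = strings.TrimLeft(path.Ext(node.Path), ".")
}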