// Copyright 2020 tsuru authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package mongodb
import (
"github.com/globalsign/mgo"
"github.com/globalsign/mgo/bson"
"github.com/pkg/errors"
"github.com/tsuru/tsuru/db"
"github.com/tsuru/tsuru/db/storage"
"github.com/tsuru/tsuru/types/auth"
)
// authGroupCollection is the name of the MongoDB collection holding auth
// groups and the roles attached to them.
const authGroupCollection = "auth_groups"

// errAuthGroupNameEmpty is returned by AddRole and RemoveRole when they are
// called with an empty group name.
var errAuthGroupNameEmpty = errors.New("group name cannot be empty")

// authGroupStorage is the MongoDB-backed store for auth groups. It carries no
// state of its own; every method opens and closes its own collection handle.
type authGroupStorage struct{}
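// collection opens a database connection and returns the auth_groups
// collection after ensuring a unique index on "name".
//
// The unique index means two group documents can never share a name, which is
// what the name-keyed upserts in AddRole and RemoveRole rely on.
//
// On success the caller owns the returned collection and must Close it. On
// failure nil is returned; if the index could not be ensured, the collection
// is closed before returning.
func (s *authGroupStorage) collection() (*storage.Collection, error) {
	conn, err := db.Conn()
	if err != nil {
		return nil, err
	}
	coll := conn.Collection(authGroupCollection)
	err = coll.EnsureIndex(mgo.Index{
		Key:    []string{"name"},
		Unique: true,
	})
	if err != nil {
		// Every caller in this file returns early on error without calling
		// Close, so release the handle here rather than leaking it.
		coll.Close()
		return nil, err
	}
	return coll, nil
}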
// List returns the stored auth groups.
//
// A nil filter returns every group. A non-nil filter restricts the result to
// groups whose name is in the slice; note that an empty, non-nil slice still
// adds the "$in" clause and therefore matches nothing. The names are bound as
// plain string values of "$in", so they cannot introduce query operators.
func (s *authGroupStorage) List(filter []string) ([]auth.Group, error) {
	c, err := s.collection()
	if err != nil {
		return nil, err
	}
	defer c.Close()

	query := bson.M{}
	if filter != nil {
		query["name"] = bson.M{"$in": filter}
	}

	var found []auth.Group
	err = c.Find(query).All(&found)
	return found, err
}
// AddRole attaches the role (roleName, contextValue) to the group called name,
// creating the group document if it does not exist yet.
//
// It returns errAuthGroupNameEmpty when name is empty. "$addToSet" makes the
// call idempotent: adding a role the group already has leaves it unchanged.
//
// NOTE(review): roleName and contextValue are stored as given; this method
// does not check that the role exists or that the values are non-empty.
// Presumably the caller validates them; confirm, since this grants permissions.
func (s *authGroupStorage) AddRole(name, roleName, contextValue string) error {
	if name == "" {
		return errAuthGroupNameEmpty
	}
	c, err := s.collection()
	if err != nil {
		return err
	}
	defer c.Close()

	role := roleToBson(auth.RoleInstance{Name: roleName, ContextValue: contextValue})
	selector := bson.M{"name": name}
	change := bson.M{"$addToSet": bson.M{"roles": role}}
	_, err = c.Upsert(selector, change)
	return err
}
// RemoveRole detaches the role (roleName, contextValue) from the group called
// name. It returns errAuthGroupNameEmpty when name is empty.
//
// The role is matched as a whole embedded document via "$pullAll", so it must
// be encoded exactly as AddRole encoded it; both go through roleToBson.
//
// NOTE(review): this uses Upsert, so removing a role from a group that does
// not exist will create a document for that name instead of reporting that
// nothing was found. Confirm this is intended.
func (s *authGroupStorage) RemoveRole(name, roleName, contextValue string) error {
	if name == "" {
		return errAuthGroupNameEmpty
	}
	c, err := s.collection()
	if err != nil {
		return err
	}
	defer c.Close()

	role := roleToBson(auth.RoleInstance{Name: roleName, ContextValue: contextValue})
	selector := bson.M{"name": name}
	change := bson.M{"$pullAll": bson.M{"roles": []bson.D{role}}}
	_, err = c.Upsert(selector, change)
	return err
}
// roleToBson encodes a role instance as an ordered BSON document with the
// fields "name" and "contextvalue", in that order.
//
// An ordered bson.D is used rather than bson.M because field order matters to
// "$addToSet": the same role must always serialize to the same document.
func roleToBson(ri auth.RoleInstance) bson.D {
	return bson.D{
		{Name: "name", Value: ri.Name},
		{Name: "contextvalue", Value: ri.ContextValue},
	}
}