fixed doc env vars + mongo v2 migration
@@ -4,7 +4,7 @@ import (
|
||||
"os"
|
||||
"time"
|
||||
|
||||
mongodbadapter "github.com/casbin/mongodb-adapter/v3"
|
||||
mongodbadapter "github.com/casbin/mongodb-adapter/v4"
|
||||
"github.com/tech/sendico/pkg/merrors"
|
||||
"github.com/tech/sendico/pkg/mlogger"
|
||||
"go.uber.org/zap"
|
||||
|
||||
@@ -5,6 +5,7 @@ import (
|
||||
"context"
|
||||
|
||||
"github.com/casbin/casbin/v2"
|
||||
"github.com/mitchellh/mapstructure"
|
||||
"github.com/tech/sendico/pkg/auth/anyobject"
|
||||
cc "github.com/tech/sendico/pkg/auth/internal/casbin/config"
|
||||
"github.com/tech/sendico/pkg/auth/internal/casbin/serialization"
|
||||
@@ -12,9 +13,8 @@ import (
|
||||
"github.com/tech/sendico/pkg/mlogger"
|
||||
"github.com/tech/sendico/pkg/model"
|
||||
"github.com/tech/sendico/pkg/mutil/mzap"
|
||||
"github.com/mitchellh/mapstructure"
|
||||
"go.mongodb.org/mongo-driver/bson/primitive"
|
||||
"go.mongodb.org/mongo-driver/mongo"
|
||||
"go.mongodb.org/mongo-driver/v2/bson"
|
||||
"go.mongodb.org/mongo-driver/v2/mongo"
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
@@ -59,7 +59,7 @@ func NewEnforcer(
|
||||
// Enforce checks if a user has the specified action permission on an object within a domain.
|
||||
func (c *CasbinEnforcer) Enforce(
|
||||
_ context.Context,
|
||||
permissionRef, accountRef, organizationRef, objectRef primitive.ObjectID,
|
||||
permissionRef, accountRef, organizationRef, objectRef bson.ObjectID,
|
||||
action model.Action,
|
||||
) (bool, error) {
|
||||
// Convert ObjectIDs to strings for Casbin
|
||||
@@ -67,7 +67,7 @@ func (c *CasbinEnforcer) Enforce(
|
||||
organization := organizationRef.Hex()
|
||||
permission := permissionRef.Hex()
|
||||
object := anyobject.ID
|
||||
if objectRef != primitive.NilObjectID {
|
||||
if objectRef != bson.NilObjectID {
|
||||
object = objectRef.Hex()
|
||||
}
|
||||
act := string(action)
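Review bot: A zero organizationRef is not rejected in this hunk — `organization := organizationRef.Hex()` turns it into the all-zero hex domain and enforcement proceeds against that domain, whereas the native Enforcer's Enforce guards with `if organizationRef.IsZero()` in its own hunk. Only objectRef is special-cased here (zero is mapped to `anyobject.ID`), so a caller that leaves the organization unset gets a policy lookup against a domain that should never hold policies instead of an explicit error; Enforce's body continues past this hunk, so a later guard may exist. If it does not, add `if organizationRef.IsZero() { return false, merrors.InvalidArgument("organization reference cannot be zero", "organizationRef") }` before the hex conversions — this file's import block, as shown in the earlier hunks, does not yet import merrors, so that import would come with it.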
|
||||
@@ -96,10 +96,10 @@ func (c *CasbinEnforcer) Enforce(
|
||||
func (c *CasbinEnforcer) EnforceBatch(
|
||||
ctx context.Context,
|
||||
objectRefs []model.PermissionBoundStorable,
|
||||
accountRef primitive.ObjectID,
|
||||
accountRef bson.ObjectID,
|
||||
action model.Action,
|
||||
) (map[primitive.ObjectID]bool, error) {
|
||||
results := make(map[primitive.ObjectID]bool, len(objectRefs))
|
||||
) (map[bson.ObjectID]bool, error) {
|
||||
results := make(map[bson.ObjectID]bool, len(objectRefs))
|
||||
for _, desc := range objectRefs {
|
||||
ok, err := c.Enforce(ctx, desc.GetPermissionRef(), accountRef, desc.GetOrganizationRef(), *desc.GetID(), action)
|
||||
if err != nil {
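Review bot: `*desc.GetID()` dereferences the returned pointer with no nil check, so one PermissionBoundStorable whose ID pointer is nil panics the whole batch instead of yielding an error or a denied entry; the retyped signature in this hunk is the natural moment to add that guard, e.g. `id := desc.GetID(); if id == nil { return nil, <error the package standardises on> }` followed by `*id` in the Enforce call. A non-nil pointer to the zero ID is also passed straight through, and Enforce maps a zero objectRef onto the `anyobject.ID` wildcard, so an object that has no ID yet is evaluated against the broad any-object policy rather than denied; whether that is intended should be stated in the EnforceBatch doc comment. EnforceBatch continues outside this hunk.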
|
||||
@@ -115,7 +115,7 @@ func (c *CasbinEnforcer) EnforceBatch(
|
||||
}
|
||||
|
||||
// GetRoles retrieves all roles assigned to the user within the domain.
|
||||
func (c *CasbinEnforcer) GetRoles(ctx context.Context, accountRef, orgRef primitive.ObjectID) ([]model.Role, error) {
|
||||
func (c *CasbinEnforcer) GetRoles(ctx context.Context, accountRef, orgRef bson.ObjectID) ([]model.Role, error) {
|
||||
sub := accountRef.Hex()
|
||||
dom := orgRef.Hex()
|
||||
|
||||
@@ -145,7 +145,7 @@ func (c *CasbinEnforcer) GetRoles(ctx context.Context, accountRef, orgRef primit
|
||||
}
|
||||
|
||||
// GetPermissions retrieves all effective policies for the user within the domain.
|
||||
func (c *CasbinEnforcer) GetPermissions(ctx context.Context, accountRef, orgRef primitive.ObjectID) ([]model.Role, []model.Permission, error) {
|
||||
func (c *CasbinEnforcer) GetPermissions(ctx context.Context, accountRef, orgRef bson.ObjectID) ([]model.Role, []model.Permission, error) {
|
||||
c.logger.Debug("Fetching policies for user", mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("organization_ref", orgRef))
|
||||
|
||||
// Step 1: Retrieve all roles assigned to the user within the domain
|
||||
|
||||
@@ -2,10 +2,10 @@ package casbin
|
||||
|
||||
import (
|
||||
"github.com/casbin/casbin/v2"
|
||||
mongodbadapter "github.com/casbin/mongodb-adapter/v3"
|
||||
mongodbadapter "github.com/casbin/mongodb-adapter/v4"
|
||||
cc "github.com/tech/sendico/pkg/auth/internal/casbin/config"
|
||||
"github.com/tech/sendico/pkg/mlogger"
|
||||
"go.mongodb.org/mongo-driver/mongo"
|
||||
"go.mongodb.org/mongo-driver/v2/mongo"
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@ import (
|
||||
"github.com/tech/sendico/pkg/mlogger"
|
||||
"github.com/tech/sendico/pkg/model"
|
||||
"github.com/tech/sendico/pkg/mutil/mzap"
|
||||
"go.mongodb.org/mongo-driver/bson/primitive"
|
||||
"go.mongodb.org/mongo-driver/v2/bson"
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
@@ -23,7 +23,7 @@ type CasbinPermissionManager struct {
|
||||
// GrantToRole adds a permission to a role in Casbin.
|
||||
func (m *CasbinPermissionManager) GrantToRole(ctx context.Context, policy *model.RolePolicy) error {
|
||||
objRef := anyobject.ID
|
||||
if (policy.ObjectRef != nil) && (*policy.ObjectRef != primitive.NilObjectID) {
|
||||
if (policy.ObjectRef != nil) && (*policy.ObjectRef != bson.NilObjectID) {
|
||||
objRef = policy.ObjectRef.Hex()
|
||||
}
|
||||
|
||||
@@ -118,7 +118,7 @@ func (m *CasbinPermissionManager) RevokeFromRole(ctx context.Context, policy *mo
|
||||
// GetPolicies retrieves all policies for a specific role.
|
||||
func (m *CasbinPermissionManager) GetPolicies(
|
||||
ctx context.Context,
|
||||
roleRef primitive.ObjectID,
|
||||
roleRef bson.ObjectID,
|
||||
) ([]model.RolePolicy, error) {
|
||||
m.logger.Debug("Fetching policies for role", mzap.ObjRef("role_ref", roleRef))
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@ import (
|
||||
"github.com/tech/sendico/pkg/mlogger"
|
||||
"github.com/tech/sendico/pkg/model"
|
||||
"github.com/tech/sendico/pkg/mutil/mzap"
|
||||
"go.mongodb.org/mongo-driver/bson/primitive"
|
||||
"go.mongodb.org/mongo-driver/v2/bson"
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
@@ -18,11 +18,11 @@ type RoleManager struct {
|
||||
logger mlogger.Logger
|
||||
enforcer *CasbinEnforcer
|
||||
rdb role.DB
|
||||
rolePermissionRef primitive.ObjectID
|
||||
rolePermissionRef bson.ObjectID
|
||||
}
|
||||
|
||||
// NewRoleManager creates a new RoleManager.
|
||||
func NewRoleManager(logger mlogger.Logger, enforcer *CasbinEnforcer, rolePermissionRef primitive.ObjectID, rdb role.DB) *RoleManager {
|
||||
func NewRoleManager(logger mlogger.Logger, enforcer *CasbinEnforcer, rolePermissionRef bson.ObjectID, rdb role.DB) *RoleManager {
|
||||
return &RoleManager{
|
||||
logger: logger.Named("role"),
|
||||
enforcer: enforcer,
|
||||
@@ -32,7 +32,7 @@ func NewRoleManager(logger mlogger.Logger, enforcer *CasbinEnforcer, rolePermiss
|
||||
}
|
||||
|
||||
// validateObjectIDs ensures that all provided ObjectIDs are non-zero.
|
||||
func (rm *RoleManager) validateObjectIDs(ids ...primitive.ObjectID) error {
|
||||
func (rm *RoleManager) validateObjectIDs(ids ...bson.ObjectID) error {
|
||||
for _, id := range ids {
|
||||
if id.IsZero() {
|
||||
return merrors.InvalidArgument("Object references cannot be zero", "objectRef")
|
||||
@@ -42,7 +42,7 @@ func (rm *RoleManager) validateObjectIDs(ids ...primitive.ObjectID) error {
|
||||
}
|
||||
|
||||
// removePolicies removes policies based on the provided filter and logs the results.
|
||||
func (rm *RoleManager) removePolicies(policyType, role string, roleRef primitive.ObjectID) error {
|
||||
func (rm *RoleManager) removePolicies(policyType, role string, roleRef bson.ObjectID) error {
|
||||
filterIndex := 1
|
||||
if policyType == "permission" {
|
||||
filterIndex = 0
|
||||
@@ -78,14 +78,14 @@ func (rm *RoleManager) removePolicies(policyType, role string, roleRef primitive
|
||||
}
|
||||
|
||||
// fetchRolesFromPolicies retrieves and converts policies to roles.
|
||||
func (rm *RoleManager) fetchRolesFromPolicies(policies [][]string, orgRef primitive.ObjectID) []model.RoleDescription {
|
||||
func (rm *RoleManager) fetchRolesFromPolicies(policies [][]string, orgRef bson.ObjectID) []model.RoleDescription {
|
||||
roles := make([]model.RoleDescription, 0, len(policies))
|
||||
for _, policy := range policies {
|
||||
if len(policy) < 2 {
|
||||
continue
|
||||
}
|
||||
|
||||
roleID, err := primitive.ObjectIDFromHex(policy[1])
|
||||
roleID, err := bson.ObjectIDFromHex(policy[1])
|
||||
if err != nil {
|
||||
rm.logger.Warn("Invalid role ID", zap.String("roleID", policy[1]))
|
||||
continue
|
||||
@@ -96,7 +96,7 @@ func (rm *RoleManager) fetchRolesFromPolicies(policies [][]string, orgRef primit
|
||||
}
|
||||
|
||||
// Create creates a new role in an organization.
|
||||
func (rm *RoleManager) Create(ctx context.Context, orgRef primitive.ObjectID, description *model.Describable) (*model.RoleDescription, error) {
|
||||
func (rm *RoleManager) Create(ctx context.Context, orgRef bson.ObjectID, description *model.Describable) (*model.RoleDescription, error) {
|
||||
if err := rm.validateObjectIDs(orgRef); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -129,7 +129,7 @@ func (rm *RoleManager) Assign(ctx context.Context, role *model.Role) error {
|
||||
}
|
||||
|
||||
// Delete removes a role entirely and cleans up associated Casbin policies.
|
||||
func (rm *RoleManager) Delete(ctx context.Context, roleRef primitive.ObjectID) error {
|
||||
func (rm *RoleManager) Delete(ctx context.Context, roleRef bson.ObjectID) error {
|
||||
if err := rm.validateObjectIDs(roleRef); err != nil {
|
||||
rm.logger.Warn("Failed to delete role", mzap.ObjRef("role_ref", roleRef))
|
||||
return err
|
||||
@@ -166,7 +166,7 @@ func (rm *RoleManager) Delete(ctx context.Context, roleRef primitive.ObjectID) e
|
||||
}
|
||||
|
||||
// Revoke removes a role from a user.
|
||||
func (rm *RoleManager) Revoke(ctx context.Context, roleRef, accountRef, orgRef primitive.ObjectID) error {
|
||||
func (rm *RoleManager) Revoke(ctx context.Context, roleRef, accountRef, orgRef bson.ObjectID) error {
|
||||
if err := rm.validateObjectIDs(roleRef, accountRef, orgRef); err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -180,7 +180,7 @@ func (rm *RoleManager) Revoke(ctx context.Context, roleRef, accountRef, orgRef p
|
||||
}
|
||||
|
||||
// logPolicyResult logs results for Assign and Revoke.
|
||||
func (rm *RoleManager) logPolicyResult(action string, result bool, err error, roleRef, accountRef, orgRef primitive.ObjectID) error {
|
||||
func (rm *RoleManager) logPolicyResult(action string, result bool, err error, roleRef, accountRef, orgRef bson.ObjectID) error {
|
||||
if err != nil {
|
||||
rm.logger.Warn("Failed to "+action+" role", zap.Error(err), mzap.ObjRef("role_ref", roleRef), mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("organization_ref", orgRef))
|
||||
return err
|
||||
@@ -194,7 +194,7 @@ func (rm *RoleManager) logPolicyResult(action string, result bool, err error, ro
|
||||
}
|
||||
|
||||
// List retrieves all roles in an organization or all roles if orgRef is zero.
|
||||
func (rm *RoleManager) List(ctx context.Context, orgRef primitive.ObjectID) ([]model.RoleDescription, error) {
|
||||
func (rm *RoleManager) List(ctx context.Context, orgRef bson.ObjectID) ([]model.RoleDescription, error) {
|
||||
domain := orgRef.Hex()
|
||||
groupingPolicies, err := rm.enforcer.enforcer.GetFilteredGroupingPolicy(2, domain)
|
||||
if err != nil {
|
||||
|
||||
@@ -4,7 +4,7 @@ import (
|
||||
"github.com/tech/sendico/pkg/auth/anyobject"
|
||||
"github.com/tech/sendico/pkg/merrors"
|
||||
"github.com/tech/sendico/pkg/model"
|
||||
"go.mongodb.org/mongo-driver/bson/primitive"
|
||||
"go.mongodb.org/mongo-driver/v2/bson"
|
||||
)
|
||||
|
||||
// PolicySerializer implements CasbinSerializer for Permission.
|
||||
@@ -41,25 +41,25 @@ func (s *PolicySerializer) Deserialize(policy []string) (*model.RolePolicy, erro
|
||||
return nil, merrors.Internal("invalid policy format")
|
||||
}
|
||||
|
||||
roleRef, err := primitive.ObjectIDFromHex(policy[0])
|
||||
roleRef, err := bson.ObjectIDFromHex(policy[0])
|
||||
if err != nil {
|
||||
return nil, merrors.InvalidArgument("invalid roleRef in policy")
|
||||
}
|
||||
|
||||
organizationRef, err := primitive.ObjectIDFromHex(policy[1])
|
||||
organizationRef, err := bson.ObjectIDFromHex(policy[1])
|
||||
if err != nil {
|
||||
return nil, merrors.InvalidArgument("invalid organizationRef in policy")
|
||||
}
|
||||
|
||||
permissionRef, err := primitive.ObjectIDFromHex(policy[2])
|
||||
permissionRef, err := bson.ObjectIDFromHex(policy[2])
|
||||
if err != nil {
|
||||
return nil, merrors.InvalidArgument("invalid permissionRef in policy")
|
||||
}
|
||||
|
||||
// Handle wildcard for ObjectRef
|
||||
var objectRef *primitive.ObjectID
|
||||
var objectRef *bson.ObjectID
|
||||
if policy[3] != anyobject.ID {
|
||||
ref, err := primitive.ObjectIDFromHex(policy[3])
|
||||
ref, err := bson.ObjectIDFromHex(policy[3])
|
||||
if err != nil {
|
||||
return nil, merrors.InvalidArgument("invalid objectRef in policy")
|
||||
}
|
||||
|
||||
@@ -3,7 +3,7 @@ package serializationimp
|
||||
import (
|
||||
"github.com/tech/sendico/pkg/merrors"
|
||||
"github.com/tech/sendico/pkg/model"
|
||||
"go.mongodb.org/mongo-driver/bson/primitive"
|
||||
"go.mongodb.org/mongo-driver/v2/bson"
|
||||
)
|
||||
|
||||
// RoleSerializer implements CasbinSerializer for Role.
|
||||
@@ -31,19 +31,19 @@ func (s *RoleSerializer) Deserialize(policy []string) (*model.Role, error) {
|
||||
}
|
||||
|
||||
// Parse accountRef
|
||||
accountRef, err := primitive.ObjectIDFromHex(policy[0])
|
||||
accountRef, err := bson.ObjectIDFromHex(policy[0])
|
||||
if err != nil {
|
||||
return nil, merrors.InvalidArgument("invalid accountRef in grouping policy")
|
||||
}
|
||||
|
||||
// Parse roleDescriptionRef (roleRef)
|
||||
roleDescriptionRef, err := primitive.ObjectIDFromHex(policy[1])
|
||||
roleDescriptionRef, err := bson.ObjectIDFromHex(policy[1])
|
||||
if err != nil {
|
||||
return nil, merrors.InvalidArgument("invalid roleRef in grouping policy")
|
||||
}
|
||||
|
||||
// Parse organizationRef
|
||||
organizationRef, err := primitive.ObjectIDFromHex(policy[2])
|
||||
organizationRef, err := bson.ObjectIDFromHex(policy[2])
|
||||
if err != nil {
|
||||
return nil, merrors.InvalidArgument("invalid organizationRef in grouping policy")
|
||||
}
|
||||
|
||||
@@ -11,8 +11,8 @@ import (
|
||||
"github.com/tech/sendico/pkg/model"
|
||||
"github.com/tech/sendico/pkg/mservice"
|
||||
mutil "github.com/tech/sendico/pkg/mutil/db"
|
||||
"go.mongodb.org/mongo-driver/bson/primitive"
|
||||
"go.mongodb.org/mongo-driver/mongo"
|
||||
"go.mongodb.org/mongo-driver/v2/bson"
|
||||
"go.mongodb.org/mongo-driver/v2/mongo"
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
@@ -38,7 +38,7 @@ func (db *PermissionsDBImp) Policies(ctx context.Context, object model.Permissio
|
||||
)
|
||||
}
|
||||
|
||||
func (db *PermissionsDBImp) PoliciesForPermissionAction(ctx context.Context, roleRef, permissionRef primitive.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error) {
|
||||
func (db *PermissionsDBImp) PoliciesForPermissionAction(ctx context.Context, roleRef, permissionRef bson.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error) {
|
||||
return mutil.GetObjects[nstructures.PolicyAssignment](
|
||||
ctx,
|
||||
db.Logger,
|
||||
@@ -55,7 +55,7 @@ func (db *PermissionsDBImp) PoliciesForPermissionAction(ctx context.Context, rol
|
||||
func (db *PermissionsDBImp) Remove(ctx context.Context, policy *model.RolePolicy) error {
|
||||
objRefFilter := repository.Query().Or(
|
||||
repository.Filter("policy.objectRef", nil),
|
||||
repository.Filter("policy.objectRef", primitive.NilObjectID),
|
||||
repository.Filter("policy.objectRef", bson.NilObjectID),
|
||||
)
|
||||
if policy.ObjectRef != nil {
|
||||
objRefFilter = repository.Filter("policy.objectRef", *policy.ObjectRef)
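Review bot: `if policy.ObjectRef != nil` treats a non-nil pointer to the zero ObjectID as a specific object, so the filter collapses to an exact match on `bson.NilObjectID` and no longer matches documents whose `policy.objectRef` is stored as null, whereas `GrantToRole` (the `@@ -23,7 +23,7 @@` hunk) treats nil and zero pointers identically as the wildcard. If a wildcard policy is granted through one path and revoked with a zero-valued pointer through this one, the null-stored variant survives and the revoke silently leaves the permission active; whether that combination can occur depends on how the native store persists the wildcard, which this diff does not show. Mirroring the grant-side check keeps the two backends consistent: `if policy.ObjectRef != nil && !policy.ObjectRef.IsZero() {`.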
|
||||
@@ -73,7 +73,7 @@ func (db *PermissionsDBImp) Remove(ctx context.Context, policy *model.RolePolicy
|
||||
)
|
||||
}
|
||||
|
||||
func (db *PermissionsDBImp) PoliciesForRole(ctx context.Context, roleRef primitive.ObjectID) ([]nstructures.PolicyAssignment, error) {
|
||||
func (db *PermissionsDBImp) PoliciesForRole(ctx context.Context, roleRef bson.ObjectID) ([]nstructures.PolicyAssignment, error) {
|
||||
return mutil.GetObjects[nstructures.PolicyAssignment](
|
||||
ctx,
|
||||
db.Logger,
|
||||
@@ -83,7 +83,7 @@ func (db *PermissionsDBImp) PoliciesForRole(ctx context.Context, roleRef primiti
|
||||
)
|
||||
}
|
||||
|
||||
func (db *PermissionsDBImp) PoliciesForRoles(ctx context.Context, roleRefs []primitive.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error) {
|
||||
func (db *PermissionsDBImp) PoliciesForRoles(ctx context.Context, roleRefs []bson.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error) {
|
||||
if len(roleRefs) == 0 {
|
||||
db.Logger.Debug("Empty role references list provided, returning empty resposnse")
|
||||
return []nstructures.PolicyAssignment{}, nil
|
||||
|
||||
@@ -9,8 +9,8 @@ import (
|
||||
"github.com/tech/sendico/pkg/db/template"
|
||||
"github.com/tech/sendico/pkg/mlogger"
|
||||
mutil "github.com/tech/sendico/pkg/mutil/db"
|
||||
"go.mongodb.org/mongo-driver/bson/primitive"
|
||||
"go.mongodb.org/mongo-driver/mongo"
|
||||
"go.mongodb.org/mongo-driver/v2/bson"
|
||||
"go.mongodb.org/mongo-driver/v2/mongo"
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
@@ -18,7 +18,7 @@ type RolesDBImp struct {
|
||||
template.DBImp[*nstructures.RoleAssignment]
|
||||
}
|
||||
|
||||
func (db *RolesDBImp) Roles(ctx context.Context, accountRef, organizationRef primitive.ObjectID) ([]nstructures.RoleAssignment, error) {
|
||||
func (db *RolesDBImp) Roles(ctx context.Context, accountRef, organizationRef bson.ObjectID) ([]nstructures.RoleAssignment, error) {
|
||||
return mutil.GetObjects[nstructures.RoleAssignment](
|
||||
ctx,
|
||||
db.Logger,
|
||||
@@ -31,7 +31,7 @@ func (db *RolesDBImp) Roles(ctx context.Context, accountRef, organizationRef pri
|
||||
)
|
||||
}
|
||||
|
||||
func (db *RolesDBImp) RolesForVenue(ctx context.Context, organizationRef primitive.ObjectID) ([]nstructures.RoleAssignment, error) {
|
||||
func (db *RolesDBImp) RolesForVenue(ctx context.Context, organizationRef bson.ObjectID) ([]nstructures.RoleAssignment, error) {
|
||||
return mutil.GetObjects[nstructures.RoleAssignment](
|
||||
ctx,
|
||||
db.Logger,
|
||||
@@ -43,7 +43,7 @@ func (db *RolesDBImp) RolesForVenue(ctx context.Context, organizationRef primiti
|
||||
)
|
||||
}
|
||||
|
||||
func (db *RolesDBImp) DeleteRole(ctx context.Context, roleRef primitive.ObjectID) error {
|
||||
func (db *RolesDBImp) DeleteRole(ctx context.Context, roleRef bson.ObjectID) error {
|
||||
return db.DeleteMany(
|
||||
ctx,
|
||||
repository.Query().And(
|
||||
@@ -52,7 +52,7 @@ func (db *RolesDBImp) DeleteRole(ctx context.Context, roleRef primitive.ObjectID
|
||||
)
|
||||
}
|
||||
|
||||
func (db *RolesDBImp) RemoveRole(ctx context.Context, roleRef, organizationRef, accountRef primitive.ObjectID) error {
|
||||
func (db *RolesDBImp) RemoveRole(ctx context.Context, roleRef, organizationRef, accountRef bson.ObjectID) error {
|
||||
return db.DeleteMany(
|
||||
ctx,
|
||||
repository.Query().And(
|
||||
|
||||
@@ -8,17 +8,17 @@ import (
|
||||
"github.com/tech/sendico/pkg/db/template"
|
||||
"github.com/tech/sendico/pkg/mlogger"
|
||||
"github.com/tech/sendico/pkg/model"
|
||||
"go.mongodb.org/mongo-driver/bson/primitive"
|
||||
"go.mongodb.org/mongo-driver/mongo"
|
||||
"go.mongodb.org/mongo-driver/v2/bson"
|
||||
"go.mongodb.org/mongo-driver/v2/mongo"
|
||||
)
|
||||
|
||||
type PoliciesDB interface {
|
||||
template.DB[*nstructures.PolicyAssignment]
|
||||
// plenty of interfaces for performance reasons
|
||||
Policies(ctx context.Context, object model.PermissionBoundStorable, action model.Action) ([]nstructures.PolicyAssignment, error)
|
||||
PoliciesForPermissionAction(ctx context.Context, roleRef, permissionRef primitive.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error)
|
||||
PoliciesForRole(ctx context.Context, roleRef primitive.ObjectID) ([]nstructures.PolicyAssignment, error)
|
||||
PoliciesForRoles(ctx context.Context, roleRefs []primitive.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error)
|
||||
PoliciesForPermissionAction(ctx context.Context, roleRef, permissionRef bson.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error)
|
||||
PoliciesForRole(ctx context.Context, roleRef bson.ObjectID) ([]nstructures.PolicyAssignment, error)
|
||||
PoliciesForRoles(ctx context.Context, roleRefs []bson.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error)
|
||||
Remove(ctx context.Context, policy *model.RolePolicy) error
|
||||
}
|
||||
|
||||
|
||||
@@ -7,16 +7,16 @@ import (
|
||||
"github.com/tech/sendico/pkg/auth/internal/native/nstructures"
|
||||
"github.com/tech/sendico/pkg/db/template"
|
||||
"github.com/tech/sendico/pkg/mlogger"
|
||||
"go.mongodb.org/mongo-driver/bson/primitive"
|
||||
"go.mongodb.org/mongo-driver/mongo"
|
||||
"go.mongodb.org/mongo-driver/v2/bson"
|
||||
"go.mongodb.org/mongo-driver/v2/mongo"
|
||||
)
|
||||
|
||||
type RolesDB interface {
|
||||
template.DB[*nstructures.RoleAssignment]
|
||||
Roles(ctx context.Context, accountRef, organizationRef primitive.ObjectID) ([]nstructures.RoleAssignment, error)
|
||||
RolesForVenue(ctx context.Context, organizationRef primitive.ObjectID) ([]nstructures.RoleAssignment, error)
|
||||
RemoveRole(ctx context.Context, roleRef, organizationRef, accountRef primitive.ObjectID) error
|
||||
DeleteRole(ctx context.Context, roleRef primitive.ObjectID) error
|
||||
Roles(ctx context.Context, accountRef, organizationRef bson.ObjectID) ([]nstructures.RoleAssignment, error)
|
||||
RolesForVenue(ctx context.Context, organizationRef bson.ObjectID) ([]nstructures.RoleAssignment, error)
|
||||
RemoveRole(ctx context.Context, roleRef, organizationRef, accountRef bson.ObjectID) error
|
||||
DeleteRole(ctx context.Context, roleRef bson.ObjectID) error
|
||||
}
|
||||
|
||||
func NewRolesDB(logger mlogger.Logger, conn *mongo.Database) (RolesDB, error) {
|
||||
|
||||
@@ -9,8 +9,8 @@ import (
|
||||
"github.com/tech/sendico/pkg/mlogger"
|
||||
"github.com/tech/sendico/pkg/model"
|
||||
"github.com/tech/sendico/pkg/mutil/mzap"
|
||||
"go.mongodb.org/mongo-driver/bson/primitive"
|
||||
"go.mongodb.org/mongo-driver/mongo"
|
||||
"go.mongodb.org/mongo-driver/v2/bson"
|
||||
"go.mongodb.org/mongo-driver/v2/mongo"
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
@@ -44,7 +44,7 @@ func NewEnforcer(
|
||||
// Enforce checks if a user has the specified action permission on an object within a domain.
|
||||
func (n *Enforcer) Enforce(
|
||||
ctx context.Context,
|
||||
permissionRef, accountRef, organizationRef, objectRef primitive.ObjectID,
|
||||
permissionRef, accountRef, organizationRef, objectRef bson.ObjectID,
|
||||
action model.Action,
|
||||
) (bool, error) {
|
||||
if organizationRef.IsZero() {
|
||||
@@ -118,13 +118,13 @@ func (n *Enforcer) Enforce(
|
||||
func (n *Enforcer) EnforceBatch(
|
||||
ctx context.Context,
|
||||
objectRefs []model.PermissionBoundStorable,
|
||||
accountRef primitive.ObjectID,
|
||||
accountRef bson.ObjectID,
|
||||
action model.Action,
|
||||
) (map[primitive.ObjectID]bool, error) {
|
||||
results := make(map[primitive.ObjectID]bool, len(objectRefs))
|
||||
) (map[bson.ObjectID]bool, error) {
|
||||
results := make(map[bson.ObjectID]bool, len(objectRefs))
|
||||
|
||||
// Group objectRefs by organizationRef.
|
||||
objectsByVenue := make(map[primitive.ObjectID][]model.PermissionBoundStorable)
|
||||
objectsByVenue := make(map[bson.ObjectID][]model.PermissionBoundStorable)
|
||||
for _, obj := range objectRefs {
|
||||
organizationRef := obj.GetOrganizationRef()
|
||||
objectsByVenue[organizationRef] = append(objectsByVenue[organizationRef], obj)
|
||||
@@ -151,7 +151,7 @@ func (n *Enforcer) EnforceBatch(
|
||||
}
|
||||
|
||||
// 2. Extract role description references
|
||||
var roleRefs []primitive.ObjectID
|
||||
var roleRefs []bson.ObjectID
|
||||
for _, role := range roles {
|
||||
roleRefs = append(roleRefs, role.DescriptionRef)
|
||||
}
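Review bot: `var roleRefs []bson.ObjectID` grows by `append` once per role although `len(roles)` is already known; `roleRefs := make([]bson.ObjectID, 0, len(roles))` sizes it once and avoids the regrowth copies. Minor, but this is the line the migration touches, so it is the cheapest moment to change it. EnforceBatch continues outside the hunk.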
|
||||
@@ -164,7 +164,7 @@ func (n *Enforcer) EnforceBatch(
|
||||
}
|
||||
|
||||
// 4. Build a lookup map keyed by PermissionRef.
|
||||
policyMap := make(map[primitive.ObjectID][]nstructures.PolicyAssignment)
|
||||
policyMap := make(map[bson.ObjectID][]nstructures.PolicyAssignment)
|
||||
for _, policy := range allPolicies {
|
||||
policyMap[policy.DescriptionRef] = append(policyMap[policy.DescriptionRef], policy)
|
||||
}
|
||||
@@ -197,7 +197,7 @@ func (n *Enforcer) EnforceBatch(
|
||||
}
|
||||
|
||||
// GetRoles retrieves all roles assigned to the user within the domain.
|
||||
func (n *Enforcer) GetRoles(ctx context.Context, accountRef, organizationRef primitive.ObjectID) ([]model.Role, error) {
|
||||
func (n *Enforcer) GetRoles(ctx context.Context, accountRef, organizationRef bson.ObjectID) ([]model.Role, error) {
|
||||
n.logger.Debug("Fetching roles for user", mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("organization_ref", organizationRef))
|
||||
ra, err := n.rdb.Roles(ctx, accountRef, organizationRef)
|
||||
if errors.Is(err, merrors.ErrNoData) {
|
||||
@@ -224,7 +224,7 @@ func (n *Enforcer) Reload() error {
|
||||
}
|
||||
|
||||
// GetPermissions retrieves all effective policies for the user within the domain.
|
||||
func (n *Enforcer) GetPermissions(ctx context.Context, accountRef, organizationRef primitive.ObjectID) ([]model.Role, []model.Permission, error) {
|
||||
func (n *Enforcer) GetPermissions(ctx context.Context, accountRef, organizationRef bson.ObjectID) ([]model.Role, []model.Permission, error) {
|
||||
n.logger.Debug("Fetching policies for user", mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("organization_ref", organizationRef))
|
||||
|
||||
roles, err := n.GetRoles(ctx, accountRef, organizationRef)
|
||||
@@ -233,7 +233,7 @@ func (n *Enforcer) GetPermissions(ctx context.Context, accountRef, organizationR
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
uniquePermissions := make(map[primitive.ObjectID]model.Permission)
|
||||
uniquePermissions := make(map[bson.ObjectID]model.Permission)
|
||||
for _, role := range roles {
|
||||
perms, err := n.pdb.PoliciesForRole(ctx, role.DescriptionRef)
|
||||
if err != nil {
|
||||
|
||||
@@ -5,15 +5,15 @@ import (
|
||||
"errors"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/mock"
|
||||
"github.com/stretchr/testify/require"
|
||||
"github.com/tech/sendico/pkg/auth/internal/native/nstructures"
|
||||
"github.com/tech/sendico/pkg/db/repository/builder"
|
||||
"github.com/tech/sendico/pkg/merrors"
|
||||
factory "github.com/tech/sendico/pkg/mlogger/factory"
|
||||
"github.com/tech/sendico/pkg/model"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/mock"
|
||||
"github.com/stretchr/testify/require"
|
||||
"go.mongodb.org/mongo-driver/bson/primitive"
|
||||
"go.mongodb.org/mongo-driver/v2/bson"
|
||||
)
|
||||
|
||||
// Mock implementations for testing
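Review bot: If the second listing is the new order, the testify imports now sit between the `github.com/tech/sendico/...` lines and `go.mongodb.org/...` with no separating blank line, which matches neither the goimports default (one alphabetically sorted third-party group, where `github.com/stretchr` precedes `github.com/tech`) nor the `-local` layout (project imports in their own trailing group). Either keep the alphabetical position the old listing had or put a blank line before the `github.com/tech/sendico` block so `goimports -local github.com/tech/sendico` accepts it. The rest of the hunk is the mechanical `primitive` to `bson` swap.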
|
||||
@@ -21,17 +21,17 @@ type MockPoliciesDB struct {
|
||||
mock.Mock
|
||||
}
|
||||
|
||||
func (m *MockPoliciesDB) PoliciesForPermissionAction(ctx context.Context, roleRef, permissionRef primitive.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error) {
|
||||
func (m *MockPoliciesDB) PoliciesForPermissionAction(ctx context.Context, roleRef, permissionRef bson.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error) {
|
||||
args := m.Called(ctx, roleRef, permissionRef, action)
|
||||
return args.Get(0).([]nstructures.PolicyAssignment), args.Error(1)
|
||||
}
|
||||
|
||||
func (m *MockPoliciesDB) PoliciesForRole(ctx context.Context, roleRef primitive.ObjectID) ([]nstructures.PolicyAssignment, error) {
|
||||
func (m *MockPoliciesDB) PoliciesForRole(ctx context.Context, roleRef bson.ObjectID) ([]nstructures.PolicyAssignment, error) {
|
||||
args := m.Called(ctx, roleRef)
|
||||
return args.Get(0).([]nstructures.PolicyAssignment), args.Error(1)
|
||||
}
|
||||
|
||||
func (m *MockPoliciesDB) PoliciesForRoles(ctx context.Context, roleRefs []primitive.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error) {
|
||||
func (m *MockPoliciesDB) PoliciesForRoles(ctx context.Context, roleRefs []bson.ObjectID, action model.Action) ([]nstructures.PolicyAssignment, error) {
|
||||
args := m.Called(ctx, roleRefs, action)
|
||||
return args.Get(0).([]nstructures.PolicyAssignment), args.Error(1)
|
||||
}
|
||||
@@ -52,7 +52,7 @@ func (m *MockPoliciesDB) Create(ctx context.Context, assignment *nstructures.Pol
|
||||
return args.Error(0)
|
||||
}
|
||||
|
||||
func (m *MockPoliciesDB) Get(ctx context.Context, id primitive.ObjectID, assignment *nstructures.PolicyAssignment) error {
|
||||
func (m *MockPoliciesDB) Get(ctx context.Context, id bson.ObjectID, assignment *nstructures.PolicyAssignment) error {
|
||||
args := m.Called(ctx, id, assignment)
|
||||
return args.Error(0)
|
||||
}
|
||||
@@ -62,12 +62,12 @@ func (m *MockPoliciesDB) Update(ctx context.Context, assignment *nstructures.Pol
|
||||
return args.Error(0)
|
||||
}
|
||||
|
||||
func (m *MockPoliciesDB) Patch(ctx context.Context, objectRef primitive.ObjectID, patch builder.Patch) error {
|
||||
func (m *MockPoliciesDB) Patch(ctx context.Context, objectRef bson.ObjectID, patch builder.Patch) error {
|
||||
args := m.Called(ctx, objectRef, patch)
|
||||
return args.Error(0)
|
||||
}
|
||||
|
||||
func (m *MockPoliciesDB) Delete(ctx context.Context, id primitive.ObjectID) error {
|
||||
func (m *MockPoliciesDB) Delete(ctx context.Context, id bson.ObjectID) error {
|
||||
args := m.Called(ctx, id)
|
||||
return args.Error(0)
|
||||
}
|
||||
@@ -77,14 +77,14 @@ func (m *MockPoliciesDB) DeleteMany(ctx context.Context, query builder.Query) er
|
||||
return args.Error(0)
|
||||
}
|
||||
|
||||
func (m *MockPoliciesDB) ListPermissionBound(ctx context.Context, accountRef, organizationRef primitive.ObjectID) ([]nstructures.PolicyAssignment, error) {
|
||||
func (m *MockPoliciesDB) ListPermissionBound(ctx context.Context, accountRef, organizationRef bson.ObjectID) ([]nstructures.PolicyAssignment, error) {
|
||||
args := m.Called(ctx, accountRef, organizationRef)
|
||||
return args.Get(0).([]nstructures.PolicyAssignment), args.Error(1)
|
||||
}
|
||||
|
||||
func (m *MockPoliciesDB) ListIDs(ctx context.Context, query interface{}) ([]primitive.ObjectID, error) {
|
||||
func (m *MockPoliciesDB) ListIDs(ctx context.Context, query interface{}) ([]bson.ObjectID, error) {
|
||||
args := m.Called(ctx, query)
|
||||
return args.Get(0).([]primitive.ObjectID), args.Error(1)
|
||||
return args.Get(0).([]bson.ObjectID), args.Error(1)
|
||||
}
|
||||
|
||||
func (m *MockPoliciesDB) FindOne(ctx context.Context, query builder.Query, assignment *nstructures.PolicyAssignment) error {
|
||||
@@ -101,7 +101,7 @@ func (m *MockPoliciesDB) Name() string {
|
||||
return "mock_policies"
|
||||
}
|
||||
|
||||
func (m *MockPoliciesDB) DeleteCascade(ctx context.Context, id primitive.ObjectID) error {
|
||||
func (m *MockPoliciesDB) DeleteCascade(ctx context.Context, id bson.ObjectID) error {
|
||||
args := m.Called(ctx, id)
|
||||
return args.Error(0)
|
||||
}
|
||||
@@ -115,22 +115,22 @@ type MockRolesDB struct {
|
||||
mock.Mock
|
||||
}
|
||||
|
||||
func (m *MockRolesDB) Roles(ctx context.Context, accountRef, organizationRef primitive.ObjectID) ([]nstructures.RoleAssignment, error) {
|
||||
func (m *MockRolesDB) Roles(ctx context.Context, accountRef, organizationRef bson.ObjectID) ([]nstructures.RoleAssignment, error) {
|
||||
args := m.Called(ctx, accountRef, organizationRef)
|
||||
return args.Get(0).([]nstructures.RoleAssignment), args.Error(1)
|
||||
}
|
||||
|
||||
func (m *MockRolesDB) RolesForVenue(ctx context.Context, organizationRef primitive.ObjectID) ([]nstructures.RoleAssignment, error) {
|
||||
func (m *MockRolesDB) RolesForVenue(ctx context.Context, organizationRef bson.ObjectID) ([]nstructures.RoleAssignment, error) {
|
||||
args := m.Called(ctx, organizationRef)
|
||||
return args.Get(0).([]nstructures.RoleAssignment), args.Error(1)
|
||||
}
|
||||
|
||||
func (m *MockRolesDB) RemoveRole(ctx context.Context, roleRef, organizationRef, accountRef primitive.ObjectID) error {
|
||||
func (m *MockRolesDB) RemoveRole(ctx context.Context, roleRef, organizationRef, accountRef bson.ObjectID) error {
|
||||
args := m.Called(ctx, roleRef, organizationRef, accountRef)
|
||||
return args.Error(0)
|
||||
}
|
||||
|
||||
func (m *MockRolesDB) DeleteRole(ctx context.Context, roleRef primitive.ObjectID) error {
|
||||
func (m *MockRolesDB) DeleteRole(ctx context.Context, roleRef bson.ObjectID) error {
|
||||
args := m.Called(ctx, roleRef)
|
||||
return args.Error(0)
|
||||
}
|
||||
@@ -141,7 +141,7 @@ func (m *MockRolesDB) Create(ctx context.Context, assignment *nstructures.RoleAs
|
||||
return args.Error(0)
|
||||
}
|
||||
|
||||
func (m *MockRolesDB) Get(ctx context.Context, id primitive.ObjectID, assignment *nstructures.RoleAssignment) error {
|
||||
func (m *MockRolesDB) Get(ctx context.Context, id bson.ObjectID, assignment *nstructures.RoleAssignment) error {
|
||||
args := m.Called(ctx, id, assignment)
|
||||
return args.Error(0)
|
||||
}
|
||||
@@ -151,12 +151,12 @@ func (m *MockRolesDB) Update(ctx context.Context, assignment *nstructures.RoleAs
|
||||
return args.Error(0)
|
||||
}
|
||||
|
||||
func (m *MockRolesDB) Patch(ctx context.Context, objectRef primitive.ObjectID, patch builder.Patch) error {
|
||||
func (m *MockRolesDB) Patch(ctx context.Context, objectRef bson.ObjectID, patch builder.Patch) error {
|
||||
args := m.Called(ctx, objectRef, patch)
|
||||
return args.Error(0)
|
||||
}
|
||||
|
||||
func (m *MockRolesDB) Delete(ctx context.Context, id primitive.ObjectID) error {
|
||||
func (m *MockRolesDB) Delete(ctx context.Context, id bson.ObjectID) error {
|
||||
args := m.Called(ctx, id)
|
||||
return args.Error(0)
|
||||
}
|
||||
@@ -166,14 +166,14 @@ func (m *MockRolesDB) DeleteMany(ctx context.Context, query builder.Query) error
|
||||
return args.Error(0)
|
||||
}
|
||||
|
||||
func (m *MockRolesDB) ListPermissionBound(ctx context.Context, accountRef, organizationRef primitive.ObjectID) ([]nstructures.RoleAssignment, error) {
|
||||
func (m *MockRolesDB) ListPermissionBound(ctx context.Context, accountRef, organizationRef bson.ObjectID) ([]nstructures.RoleAssignment, error) {
|
||||
args := m.Called(ctx, accountRef, organizationRef)
|
||||
return args.Get(0).([]nstructures.RoleAssignment), args.Error(1)
|
||||
}
|
||||
|
||||
func (m *MockRolesDB) ListIDs(ctx context.Context, query interface{}) ([]primitive.ObjectID, error) {
|
||||
func (m *MockRolesDB) ListIDs(ctx context.Context, query interface{}) ([]bson.ObjectID, error) {
|
||||
args := m.Called(ctx, query)
|
||||
return args.Get(0).([]primitive.ObjectID), args.Error(1)
|
||||
return args.Get(0).([]bson.ObjectID), args.Error(1)
|
||||
}
|
||||
|
||||
func (m *MockRolesDB) FindOne(ctx context.Context, query builder.Query, assignment *nstructures.RoleAssignment) error {
|
||||
@@ -190,7 +190,7 @@ func (m *MockRolesDB) Name() string {
|
||||
return "mock_roles"
|
||||
}
|
||||
|
||||
func (m *MockRolesDB) DeleteCascade(ctx context.Context, id primitive.ObjectID) error {
|
||||
func (m *MockRolesDB) DeleteCascade(ctx context.Context, id bson.ObjectID) error {
|
||||
args := m.Called(ctx, id)
|
||||
return args.Error(0)
|
||||
}
|
||||
@@ -201,11 +201,11 @@ func (m *MockRolesDB) InsertMany(ctx context.Context, objects []*nstructures.Rol
|
||||
}
|
||||
|
||||
// Test helper functions
|
||||
func createTestObjectID() primitive.ObjectID {
|
||||
return primitive.NewObjectID()
|
||||
func createTestObjectID() bson.ObjectID {
|
||||
return bson.NewObjectID()
|
||||
}
|
||||
|
||||
func createTestRoleAssignment(roleRef, accountRef, organizationRef primitive.ObjectID) nstructures.RoleAssignment {
|
||||
func createTestRoleAssignment(roleRef, accountRef, organizationRef bson.ObjectID) nstructures.RoleAssignment {
|
||||
return nstructures.RoleAssignment{
|
||||
Role: model.Role{
|
||||
AccountRef: accountRef,
|
||||
@@ -215,7 +215,7 @@ func createTestRoleAssignment(roleRef, accountRef, organizationRef primitive.Obj
|
||||
}
|
||||
}
|
||||
|
||||
func createTestPolicyAssignment(roleRef primitive.ObjectID, action model.Action, effect model.Effect, organizationRef, descriptionRef primitive.ObjectID, objectRef *primitive.ObjectID) nstructures.PolicyAssignment {
|
||||
func createTestPolicyAssignment(roleRef bson.ObjectID, action model.Action, effect model.Effect, organizationRef, descriptionRef bson.ObjectID, objectRef *bson.ObjectID) nstructures.PolicyAssignment {
|
||||
return nstructures.PolicyAssignment{
|
||||
Policy: model.Policy{
|
||||
OrganizationRef: organizationRef,
|
||||
@@ -464,20 +464,20 @@ func TestEnforcer_Enforce(t *testing.T) {
|
||||
|
||||
// Mock implementation for PermissionBoundStorable
|
||||
type MockPermissionBoundStorable struct {
|
||||
id primitive.ObjectID
|
||||
permissionRef primitive.ObjectID
|
||||
organizationRef primitive.ObjectID
|
||||
id bson.ObjectID
|
||||
permissionRef bson.ObjectID
|
||||
organizationRef bson.ObjectID
|
||||
}
|
||||
|
||||
func (m *MockPermissionBoundStorable) GetID() *primitive.ObjectID {
|
||||
func (m *MockPermissionBoundStorable) GetID() *bson.ObjectID {
|
||||
return &m.id
|
||||
}
|
||||
|
||||
func (m *MockPermissionBoundStorable) GetPermissionRef() primitive.ObjectID {
|
||||
func (m *MockPermissionBoundStorable) GetPermissionRef() bson.ObjectID {
|
||||
return m.permissionRef
|
||||
}
|
||||
|
||||
func (m *MockPermissionBoundStorable) GetOrganizationRef() primitive.ObjectID {
|
||||
func (m *MockPermissionBoundStorable) GetOrganizationRef() bson.ObjectID {
|
||||
return m.organizationRef
|
||||
}
|
||||
|
||||
@@ -485,7 +485,7 @@ func (m *MockPermissionBoundStorable) Collection() string {
|
||||
return "test_objects"
|
||||
}
|
||||
|
||||
func (m *MockPermissionBoundStorable) SetID(objID primitive.ObjectID) {
|
||||
func (m *MockPermissionBoundStorable) SetID(objID bson.ObjectID) {
|
||||
m.id = objID
|
||||
}
|
||||
|
||||
@@ -493,11 +493,11 @@ func (m *MockPermissionBoundStorable) Update() {
|
||||
// Do nothing for mock
|
||||
}
|
||||
|
||||
func (m *MockPermissionBoundStorable) SetPermissionRef(permissionRef primitive.ObjectID) {
|
||||
func (m *MockPermissionBoundStorable) SetPermissionRef(permissionRef bson.ObjectID) {
|
||||
m.permissionRef = permissionRef
|
||||
}
|
||||
|
||||
func (m *MockPermissionBoundStorable) SetOrganizationRef(organizationRef primitive.ObjectID) {
|
||||
func (m *MockPermissionBoundStorable) SetOrganizationRef(organizationRef bson.ObjectID) {
|
||||
m.organizationRef = organizationRef
|
||||
}
|
||||
|
||||
@@ -540,7 +540,7 @@ func TestEnforcer_EnforceBatch(t *testing.T) {
|
||||
|
||||
// Mock policy assignment with ALLOW effect
|
||||
policyAssignment := createTestPolicyAssignment(roleRef, model.ActionRead, model.EffectAllow, organizationRef, permissionRef, nil)
|
||||
mockPDB.On("PoliciesForRoles", ctx, []primitive.ObjectID{roleRef}, model.ActionRead).Return([]nstructures.PolicyAssignment{policyAssignment}, nil)
|
||||
mockPDB.On("PoliciesForRoles", ctx, []bson.ObjectID{roleRef}, model.ActionRead).Return([]nstructures.PolicyAssignment{policyAssignment}, nil)
|
||||
|
||||
enforcer := createTestEnforcer(mockPDB, mockRDB)
|
||||
|
||||
|
||||
@@ -3,13 +3,13 @@ package nstructures
|
||||
import (
|
||||
"github.com/tech/sendico/pkg/db/storable"
|
||||
"github.com/tech/sendico/pkg/model"
|
||||
"go.mongodb.org/mongo-driver/bson/primitive"
|
||||
"go.mongodb.org/mongo-driver/v2/bson"
|
||||
)
|
||||
|
||||
type PolicyAssignment struct {
|
||||
storable.Base `bson:",inline" json:",inline"`
|
||||
model.Policy `bson:"policy" json:"policy"`
|
||||
RoleRef primitive.ObjectID `bson:"roleRef" json:"roleRef"`
|
||||
RoleRef bson.ObjectID `bson:"roleRef" json:"roleRef"`
|
||||
}
|
||||
|
||||
func (*PolicyAssignment) Collection() string {
|
||||
|
||||
@@ -9,7 +9,7 @@ import (
|
||||
"github.com/tech/sendico/pkg/mlogger"
|
||||
"github.com/tech/sendico/pkg/model"
|
||||
"github.com/tech/sendico/pkg/mutil/mzap"
|
||||
"go.mongodb.org/mongo-driver/bson/primitive"
|
||||
"go.mongodb.org/mongo-driver/v2/bson"
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
@@ -22,7 +22,7 @@ type PermissionManager struct {
|
||||
// GrantToRole adds a permission to a role in Casbin.
|
||||
func (m *PermissionManager) GrantToRole(ctx context.Context, policy *model.RolePolicy) error {
|
||||
objRef := "any"
|
||||
if (policy.ObjectRef != nil) && (*policy.ObjectRef != primitive.NilObjectID) {
|
||||
if (policy.ObjectRef != nil) && (*policy.ObjectRef != bson.NilObjectID) {
|
||||
objRef = policy.ObjectRef.Hex()
|
||||
}
|
||||
|
||||
@@ -67,7 +67,7 @@ func (m *PermissionManager) RevokeFromRole(ctx context.Context, policy *model.Ro
|
||||
// GetPolicies retrieves all policies for a specific role.
|
||||
func (m *PermissionManager) GetPolicies(
|
||||
ctx context.Context,
|
||||
roleRef primitive.ObjectID,
|
||||
roleRef bson.ObjectID,
|
||||
) ([]model.RolePolicy, error) {
|
||||
m.logger.Debug("Fetching policies for role", mzap.ObjRef("role_ref", roleRef))
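Review bot: The migrated nil-object test in `GrantToRole`, `(policy.ObjectRef != nil) && (*policy.ObjectRef != bson.NilObjectID)`, can be written with the same method this commit relies on in `RoleManager.validateObjectIDs`, i.e. `if policy.ObjectRef != nil && !policy.ObjectRef.IsZero() {`, so both files decide "zero id" the same way after the driver change. The wildcard object reference is the bare literal `"any"` in `objRef := "any"`; presumably this is the value the enforcer compares against, so a shared named constant would stop the grant and enforce paths from silently drifting apart. In the second hunk `GetPolicies` logs and continues with whatever `roleRef` it receives without a zero check; its body runs past the hunk, so it may be validated further down.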
|
||||
|
||||
|
||||
@@ -10,7 +10,7 @@ import (
|
||||
"github.com/tech/sendico/pkg/mlogger"
|
||||
"github.com/tech/sendico/pkg/model"
|
||||
"github.com/tech/sendico/pkg/mutil/mzap"
|
||||
"go.mongodb.org/mongo-driver/bson/primitive"
|
||||
"go.mongodb.org/mongo-driver/v2/bson"
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
@@ -19,11 +19,11 @@ type RoleManager struct {
|
||||
logger mlogger.Logger
|
||||
enforcer *Enforcer
|
||||
rdb role.DB
|
||||
rolePermissionRef primitive.ObjectID
|
||||
rolePermissionRef bson.ObjectID
|
||||
}
|
||||
|
||||
// NewRoleManager creates a new RoleManager.
|
||||
func NewRoleManager(logger mlogger.Logger, enforcer *Enforcer, rolePermissionRef primitive.ObjectID, rdb role.DB) *RoleManager {
|
||||
func NewRoleManager(logger mlogger.Logger, enforcer *Enforcer, rolePermissionRef bson.ObjectID, rdb role.DB) *RoleManager {
|
||||
return &RoleManager{
|
||||
logger: logger.Named("role"),
|
||||
enforcer: enforcer,
|
||||
@@ -33,7 +33,7 @@ func NewRoleManager(logger mlogger.Logger, enforcer *Enforcer, rolePermissionRef
|
||||
}
|
||||
|
||||
// validateObjectIDs ensures that all provided ObjectIDs are non-zero.
|
||||
func (rm *RoleManager) validateObjectIDs(ids ...primitive.ObjectID) error {
|
||||
func (rm *RoleManager) validateObjectIDs(ids ...bson.ObjectID) error {
|
||||
for _, id := range ids {
|
||||
if id.IsZero() {
|
||||
return merrors.InvalidArgument("Object references cannot be zero", "objectRef")
|
||||
@@ -43,7 +43,7 @@ func (rm *RoleManager) validateObjectIDs(ids ...primitive.ObjectID) error {
|
||||
}
|
||||
|
||||
// fetchRolesFromPolicies retrieves and converts policies to roles.
|
||||
func (rm *RoleManager) fetchRolesFromPolicies(roles []nstructures.RoleAssignment, organizationRef primitive.ObjectID) []model.RoleDescription {
|
||||
func (rm *RoleManager) fetchRolesFromPolicies(roles []nstructures.RoleAssignment, organizationRef bson.ObjectID) []model.RoleDescription {
|
||||
result := make([]model.RoleDescription, len(roles))
|
||||
for i, role := range roles {
|
||||
result[i] = model.RoleDescription{
|
||||
@@ -55,7 +55,7 @@ func (rm *RoleManager) fetchRolesFromPolicies(roles []nstructures.RoleAssignment
|
||||
}
|
||||
|
||||
// Create creates a new role in an organization.
|
||||
func (rm *RoleManager) Create(ctx context.Context, organizationRef primitive.ObjectID, description *model.Describable) (*model.RoleDescription, error) {
|
||||
func (rm *RoleManager) Create(ctx context.Context, organizationRef bson.ObjectID, description *model.Describable) (*model.RoleDescription, error) {
|
||||
if err := rm.validateObjectIDs(organizationRef); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -84,7 +84,7 @@ func (rm *RoleManager) Assign(ctx context.Context, role *model.Role) error {
|
||||
}
|
||||
|
||||
// Delete removes a role entirely and cleans up associated Casbin policies.
|
||||
func (rm *RoleManager) Delete(ctx context.Context, roleRef primitive.ObjectID) error {
|
||||
func (rm *RoleManager) Delete(ctx context.Context, roleRef bson.ObjectID) error {
|
||||
if err := rm.validateObjectIDs(roleRef); err != nil {
|
||||
rm.logger.Warn("Failed to delete role", mzap.ObjRef("role_ref", roleRef))
|
||||
return err
|
||||
@@ -105,7 +105,7 @@ func (rm *RoleManager) Delete(ctx context.Context, roleRef primitive.ObjectID) e
|
||||
}
|
||||
|
||||
// Revoke removes a role from a user.
|
||||
func (rm *RoleManager) Revoke(ctx context.Context, roleRef, accountRef, organizationRef primitive.ObjectID) error {
|
||||
func (rm *RoleManager) Revoke(ctx context.Context, roleRef, accountRef, organizationRef bson.ObjectID) error {
|
||||
if err := rm.validateObjectIDs(roleRef, accountRef, organizationRef); err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -115,7 +115,7 @@ func (rm *RoleManager) Revoke(ctx context.Context, roleRef, accountRef, organiza
|
||||
}
|
||||
|
||||
// logPolicyResult logs results for Assign and Revoke.
|
||||
func (rm *RoleManager) logPolicyResult(action string, result bool, err error, roleRef, accountRef, organizationRef primitive.ObjectID) error {
|
||||
func (rm *RoleManager) logPolicyResult(action string, result bool, err error, roleRef, accountRef, organizationRef bson.ObjectID) error {
|
||||
if err != nil {
|
||||
rm.logger.Warn("Failed to "+action+" role", zap.Error(err), mzap.ObjRef("role_ref", roleRef), mzap.ObjRef("account_ref", accountRef), mzap.ObjRef("organization_ref", organizationRef))
|
||||
return err
|
||||
@@ -129,7 +129,7 @@ func (rm *RoleManager) logPolicyResult(action string, result bool, err error, ro
|
||||
}
|
||||
|
||||
// List retrieves all roles in an organization or all roles if organizationRef is zero.
|
||||
func (rm *RoleManager) List(ctx context.Context, organizationRef primitive.ObjectID) ([]model.RoleDescription, error) {
|
||||
func (rm *RoleManager) List(ctx context.Context, organizationRef bson.ObjectID) ([]model.RoleDescription, error) {
|
||||
roles4Venues, err := rm.enforcer.rdb.RolesForVenue(ctx, organizationRef)
|
||||
if err != nil {
|
||||
rm.logger.Warn("Failed to fetch grouping policies", zap.Error(err), mzap.ObjRef("organization_ref", organizationRef))
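Review bot: `List` hands a zero `organizationRef` straight to `rm.enforcer.rdb.RolesForVenue`, which by the doc comment returns roles across every organization, and unlike `Create`, `Delete` and `Revoke` in this file it never goes through `validateObjectIDs`, so the cross-organization listing is only as safe as each caller's own authorization check. I would make the wildcard explicit at the call site with `// Zero organizationRef is an intentional wildcard: the caller must already be authorized to see every organization's roles.` and emit a distinct log line when that branch is taken so cross-tenant listings are visible to monitoring. The `List` body continues past the hunk, so whether the store itself restricts the zero case cannot be confirmed here. Separately, the `Delete` hunk's validation-failure log `rm.logger.Warn("Failed to delete role", mzap.ObjRef("role_ref", roleRef))` omits the `zap.Error(err)` field that `logPolicyResult` attaches, which makes that failure harder to correlate in logs.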
|
||||
|
||||