opensource/magistrala
1
0
Fork 0
mirror of https://github.com/absmach/magistrala.git synced 2026-06-23 04:10:28 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
main
magistrala/journal/middleware/authorization.go
T
Dušan Borovčanin 61d0427898 NOISSUE - Rename to Magistrala (#3427) 
Signed-off-by: dusan <borovcanindusan1@gmail.com>
2026-04-06 15:23:42 +02:00

85 lines
2.3 KiB
Go
Raw Permalink Blame History

// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0
package middleware
import (
"context"
"github.com/absmach/magistrala/journal"
smqauthn "github.com/absmach/magistrala/pkg/authn"
smqauthz "github.com/absmach/magistrala/pkg/authz"
"github.com/absmach/magistrala/pkg/policies"
)
var (
_ journal.Service = (*authorizationMiddleware)(nil)
readPermission = "read_permission"
)
type authorizationMiddleware struct {
svc journal.Service
authz smqauthz.Authorization
}
// NewAuthorization adds authorization to the journal service.
func NewAuthorization(svc journal.Service, authz smqauthz.Authorization) journal.Service {
return &authorizationMiddleware{
svc: svc,
authz: authz,
}
}
func (am *authorizationMiddleware) Save(ctx context.Context, journal journal.Journal) error {
return am.svc.Save(ctx, journal)
}
func (am *authorizationMiddleware) RetrieveAll(ctx context.Context, session smqauthn.Session, page journal.Page) (journal.JournalsPage, error) {
permission := readPermission
objectType := page.EntityType.String()
object := page.EntityID
subject := session.DomainUserID
// If the entity is a user, we need to check if the user is an admin
if page.EntityType.String() == policies.UserType {
permission = policies.AdminPermission
objectType = policies.PlatformType
object = policies.MagistralaObject
subject = session.UserID
}
req := smqauthz.PolicyReq{
Domain: session.DomainID,
SubjectType: policies.UserType,
SubjectKind: policies.UsersKind,
Subject: subject,
Permission: permission,
ObjectType: objectType,
Object: object,
}
if err := am.authz.Authorize(ctx, req, nil); err != nil {
return journal.JournalsPage{}, err
}
return am.svc.RetrieveAll(ctx, session, page)
}
func (am *authorizationMiddleware) RetrieveClientTelemetry(ctx context.Context, session smqauthn.Session, clientID string) (journal.ClientTelemetry, error) {
req := smqauthz.PolicyReq{
Domain: session.DomainID,
SubjectType: policies.UserType,
SubjectKind: policies.UsersKind,
Subject: session.DomainUserID,
Permission: readPermission,
ObjectType: policies.ClientType,
Object: clientID,
}
if err := am.authz.Authorize(ctx, req, nil); err != nil {
return journal.ClientTelemetry{}, err
}
return am.svc.RetrieveClientTelemetry(ctx, session, clientID)
}
Reference in New Issue View Git Blame Copy Permalink