opensource/supermq
1
0
Fork 0
mirror of https://github.com/absmach/supermq.git synced 2026-06-23 04:20:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
9a3a07cd2e102f34a7fdd058c6cdb8c7df2451a4
supermq/reports/middleware/authorization.go
T
Steve Munene 9a3a07cd2e NOISSUE - Update Authorization method (#418) 
* fix authorization

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* fetch supermq

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* address comments

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* fetch supermq

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

---------

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>
2026-03-02 12:55:07 +01:00

177 lines
6.5 KiB
Go
Raw Blame History

// Copyright (c) Abstract Machines
// SPDX-License-Identifier: Apache-2.0
package middleware
import (
"context"
"github.com/absmach/magistrala/reports"
"github.com/absmach/supermq/pkg/authn"
smqauthz "github.com/absmach/supermq/pkg/authz"
"github.com/absmach/supermq/pkg/errors"
"github.com/absmach/supermq/pkg/permissions"
"github.com/absmach/supermq/pkg/policies"
)
var (
errDomainCreateConfigs = errors.New("not authorized to create report configs in domain")
errDomainViewConfigs = errors.New("not authorized to view report configs in domain")
errDomainUpdateConfigs = errors.New("not authorized to update report configs in domain")
errDomainDeleteConfigs = errors.New("not authorized to delete report configs in domain")
errDomainGenerateReports = errors.New("not authorized to generate reports in domain")
errDomainUpdateTemplates = errors.New("not authorized to update report templates in domain")
errDomainRemoveTemplates = errors.New("not authorized to delete report templates in domain")
errDomainViewTemplates = errors.New("not authorized to view report templates in domain")
)
type authorizationMiddleware struct {
svc reports.Service
authz smqauthz.Authorization
}
// AuthorizationMiddleware adds authorization to the reports service.
func AuthorizationMiddleware(svc reports.Service, authz smqauthz.Authorization) (reports.Service, error) {
return &authorizationMiddleware{
svc: svc,
authz: authz,
}, nil
}
func (am *authorizationMiddleware) AddReportConfig(ctx context.Context, session authn.Session, cfg reports.ReportConfig) (reports.ReportConfig, error) {
if err := am.authorize(ctx, reports.OpAddReportConfig, session); err != nil {
return reports.ReportConfig{}, errors.Wrap(errDomainCreateConfigs, err)
}
return am.svc.AddReportConfig(ctx, session, cfg)
}
func (am *authorizationMiddleware) ViewReportConfig(ctx context.Context, session authn.Session, id string) (reports.ReportConfig, error) {
if err := am.authorize(ctx, reports.OpViewReportConfig, session); err != nil {
return reports.ReportConfig{}, errors.Wrap(errDomainViewConfigs, err)
}
return am.svc.ViewReportConfig(ctx, session, id)
}
func (am *authorizationMiddleware) UpdateReportConfig(ctx context.Context, session authn.Session, cfg reports.ReportConfig) (reports.ReportConfig, error) {
if err := am.authorize(ctx, reports.OpUpdateReportConfig, session); err != nil {
return reports.ReportConfig{}, errors.Wrap(errDomainUpdateConfigs, err)
}
return am.svc.UpdateReportConfig(ctx, session, cfg)
}
func (am *authorizationMiddleware) UpdateReportSchedule(ctx context.Context, session authn.Session, cfg reports.ReportConfig) (reports.ReportConfig, error) {
if err := am.authorize(ctx, reports.OpUpdateReportSchedule, session); err != nil {
return reports.ReportConfig{}, errors.Wrap(errDomainDeleteConfigs, err)
}
return am.svc.UpdateReportSchedule(ctx, session, cfg)
}
func (am *authorizationMiddleware) RemoveReportConfig(ctx context.Context, session authn.Session, id string) error {
if err := am.authorize(ctx, reports.OpRemoveReportConfig, session); err != nil {
return errors.Wrap(errDomainDeleteConfigs, err)
}
return am.svc.RemoveReportConfig(ctx, session, id)
}
func (am *authorizationMiddleware) ListReportsConfig(ctx context.Context, session authn.Session, pm reports.PageMeta) (reports.ReportConfigPage, error) {
if err := am.authorize(ctx, reports.OpListReportsConfig, session); err != nil {
return reports.ReportConfigPage{}, errors.Wrap(errDomainViewConfigs, err)
}
return am.svc.ListReportsConfig(ctx, session, pm)
}
func (am *authorizationMiddleware) EnableReportConfig(ctx context.Context, session authn.Session, id string) (reports.ReportConfig, error) {
if err := am.authorize(ctx, reports.OpEnableReportConfig, session); err != nil {
return reports.ReportConfig{}, errors.Wrap(errDomainUpdateConfigs, err)
}
return am.svc.EnableReportConfig(ctx, session, id)
}
func (am *authorizationMiddleware) DisableReportConfig(ctx context.Context, session authn.Session, id string) (reports.ReportConfig, error) {
if err := am.authorize(ctx, reports.OpDisableReportConfig, session); err != nil {
return reports.ReportConfig{}, errors.Wrap(errDomainUpdateConfigs, err)
}
return am.svc.DisableReportConfig(ctx, session, id)
}
func (am *authorizationMiddleware) GenerateReport(ctx context.Context, session authn.Session, config reports.ReportConfig, action reports.ReportAction) (reports.ReportPage, error) {
if err := am.authorize(ctx, reports.OpGenerateReport, session); err != nil {
return reports.ReportPage{}, errors.Wrap(errDomainGenerateReports, err)
}
return am.svc.GenerateReport(ctx, session, config, action)
}
func (am *authorizationMiddleware) UpdateReportTemplate(ctx context.Context, session authn.Session, cfg reports.ReportConfig) error {
if err := am.authorize(ctx, reports.OpUpdateReportTemplate, session); err != nil {
return errors.Wrap(errDomainUpdateTemplates, err)
}
return am.svc.UpdateReportTemplate(ctx, session, cfg)
}
func (am *authorizationMiddleware) ViewReportTemplate(ctx context.Context, session authn.Session, id string) (reports.ReportTemplate, error) {
if err := am.authorize(ctx, reports.OpViewReportTemplate, session); err != nil {
return "", errors.Wrap(errDomainViewTemplates, err)
}
return am.svc.ViewReportTemplate(ctx, session, id)
}
func (am *authorizationMiddleware) DeleteReportTemplate(ctx context.Context, session authn.Session, id string) error {
if err := am.authorize(ctx, reports.OpDeleteReportTemplate, session); err != nil {
return errors.Wrap(errDomainRemoveTemplates, err)
}
return am.svc.DeleteReportTemplate(ctx, session, id)
}
func (am *authorizationMiddleware) StartScheduler(ctx context.Context) error {
return am.svc.StartScheduler(ctx)
}
func (am *authorizationMiddleware) authorize(ctx context.Context, op permissions.Operation, session authn.Session) error {
perm, err := reports.GetPermission(op)
if err != nil {
return err
}
pr := smqauthz.PolicyReq{
Domain: session.DomainID,
SubjectType: policies.UserType,
SubjectKind: policies.UsersKind,
Subject: session.DomainUserID,
Object: session.DomainID,
ObjectType: policies.DomainType,
Permission: perm,
}
var pat *smqauthz.PATReq
if session.PatID != "" {
opName := reports.OperationName(op)
pat = &smqauthz.PATReq{
UserID: session.UserID,
PatID: session.PatID,
EntityID: session.DomainID,
EntityType: reports.EntityType,
Operation: opName,
Domain: session.DomainID,
}
}
if err := am.authz.Authorize(ctx, pr, pat); err != nil {
return err
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink