norman/authorization/all.go

package authorization

import (
	"net/http"

	"github.com/rancher/norman/httperror"
	"github.com/rancher/norman/types"
	"github.com/rancher/norman/types/slice"
)

type AllAccess struct {
}

func (*AllAccess) CanCreate(apiContext *types.APIContext, schema *types.Schema) error {
	if slice.ContainsString(schema.CollectionMethods, http.MethodPost) {
		return nil
	}
	return httperror.NewAPIError(httperror.PermissionDenied, "can not create "+schema.ID)
}

func (*AllAccess) CanGet(apiContext *types.APIContext, schema *types.Schema) error {
	if slice.ContainsString(schema.ResourceMethods, http.MethodGet) {
		return nil
	}
	return httperror.NewAPIError(httperror.PermissionDenied, "can not get "+schema.ID)
}

func (*AllAccess) CanList(apiContext *types.APIContext, schema *types.Schema) error {
	if slice.ContainsString(schema.CollectionMethods, http.MethodGet) {
		return nil
	}
	return httperror.NewAPIError(httperror.PermissionDenied, "can not list "+schema.ID)
}

func (*AllAccess) CanUpdate(apiContext *types.APIContext, obj map[string]interface{}, schema *types.Schema) error {
	if slice.ContainsString(schema.ResourceMethods, http.MethodPut) {
		return nil
	}
	return httperror.NewAPIError(httperror.PermissionDenied, "can not update "+schema.ID)
}

func (*AllAccess) CanDelete(apiContext *types.APIContext, obj map[string]interface{}, schema *types.Schema) error {
	if slice.ContainsString(schema.ResourceMethods, http.MethodDelete) {
		return nil
	}
	return httperror.NewAPIError(httperror.PermissionDenied, "can not delete "+schema.ID)
}

func (*AllAccess) CanDo(apiGroup, resource, verb string, apiContext *types.APIContext, obj map[string]interface{}, schema *types.Schema) error {
	if slice.ContainsString(schema.ResourceMethods, verb) {
		return nil
	}
	return httperror.NewAPIError(httperror.PermissionDenied, "can not perform "+verb+" "+schema.ID)
}

func (*AllAccess) Filter(apiContext *types.APIContext, schema *types.Schema, obj map[string]interface{}, context map[string]string) map[string]interface{} {
	return obj
}

func (*AllAccess) FilterList(apiContext *types.APIContext, schema *types.Schema, obj []map[string]interface{}, context map[string]string) []map[string]interface{} {
	return obj
}
More initial dev 2017-11-11 04:44:02 +00:00			`package authorization`

			`import (`
			`"net/http"`

Refactor access control to return error not bool 2018-03-31 07:13:30 +00:00			`"github.com/rancher/norman/httperror"`
More initial dev 2017-11-11 04:44:02 +00:00			`"github.com/rancher/norman/types"`
Enable access control 2017-12-18 20:56:50 +00:00			`"github.com/rancher/norman/types/slice"`
More initial dev 2017-11-11 04:44:02 +00:00			`)`

			`type AllAccess struct {`
			`}`

Refactor access control to return error not bool 2018-03-31 07:13:30 +00:00			`func (AllAccess) CanCreate(apiContext types.APIContext, schema *types.Schema) error {`
			`if slice.ContainsString(schema.CollectionMethods, http.MethodPost) {`
			`return nil`
			`}`
			`return httperror.NewAPIError(httperror.PermissionDenied, "can not create "+schema.ID)`
More initial dev 2017-11-11 04:44:02 +00:00			`}`

Refactor access control to return error not bool 2018-03-31 07:13:30 +00:00			`func (AllAccess) CanGet(apiContext types.APIContext, schema *types.Schema) error {`
			`if slice.ContainsString(schema.ResourceMethods, http.MethodGet) {`
			`return nil`
			`}`
			`return httperror.NewAPIError(httperror.PermissionDenied, "can not get "+schema.ID)`
Distinguish between listing and getting We now have resources (subtypes of authConfig) that can be retrieved by ID but their collections are not viewable. This change is needed to suppport that. 2018-02-01 02:14:35 +00:00			`}`

Refactor access control to return error not bool 2018-03-31 07:13:30 +00:00			`func (AllAccess) CanList(apiContext types.APIContext, schema *types.Schema) error {`
			`if slice.ContainsString(schema.CollectionMethods, http.MethodGet) {`
			`return nil`
			`}`
			`return httperror.NewAPIError(httperror.PermissionDenied, "can not list "+schema.ID)`
Enable access control 2017-12-18 20:56:50 +00:00			`}`

Refactor access control to return error not bool 2018-03-31 07:13:30 +00:00			`func (AllAccess) CanUpdate(apiContext types.APIContext, obj map[string]interface{}, schema *types.Schema) error {`
			`if slice.ContainsString(schema.ResourceMethods, http.MethodPut) {`
			`return nil`
			`}`
			`return httperror.NewAPIError(httperror.PermissionDenied, "can not update "+schema.ID)`
Enable access control 2017-12-18 20:56:50 +00:00			`}`

Refactor access control to return error not bool 2018-03-31 07:13:30 +00:00			`func (AllAccess) CanDelete(apiContext types.APIContext, obj map[string]interface{}, schema *types.Schema) error {`
			`if slice.ContainsString(schema.ResourceMethods, http.MethodDelete) {`
			`return nil`
			`}`
			`return httperror.NewAPIError(httperror.PermissionDenied, "can not delete "+schema.ID)`
Enable access control 2017-12-18 20:56:50 +00:00			`}`

Add CanDo function to AccessControl interface Enables us to authorize actions and links 2018-04-25 19:16:16 +00:00			`func (AllAccess) CanDo(apiGroup, resource, verb string, apiContext types.APIContext, obj map[string]interface{}, schema *types.Schema) error {`
			`if slice.ContainsString(schema.ResourceMethods, verb) {`
			`return nil`
			`}`
			`return httperror.NewAPIError(httperror.PermissionDenied, "can not perform "+verb+" "+schema.ID)`
			`}`

Pass in schema to Filter/FilterList 2018-03-03 06:09:47 +00:00			`func (AllAccess) Filter(apiContext types.APIContext, schema *types.Schema, obj map[string]interface{}, context map[string]string) map[string]interface{} {`
Enable access control 2017-12-18 20:56:50 +00:00			`return obj`
			`}`

Pass in schema to Filter/FilterList 2018-03-03 06:09:47 +00:00			`func (AllAccess) FilterList(apiContext types.APIContext, schema *types.Schema, obj []map[string]interface{}, context map[string]string) []map[string]interface{} {`
Enable access control 2017-12-18 20:56:50 +00:00			`return obj`
More initial dev 2017-11-11 04:44:02 +00:00			`}`