OrgGo/Mainflux.mainflux
1
0
Fork 0
mirror of https://github.com/mainflux/mainflux.git synced 2025-04-29 13:49:28 +08:00
Code Issues Projects Releases Wiki Activity

Fix: user and things authz (#1941)

Browse Source 
Signed-off-by: Arvindh <arvindh91@gmail.com>
This commit is contained in:
Arvindh 2023-10-19 23:21:03 +05:30 committed by GitHub
parent 4ae0feced4
commit a91a8f44d3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
things/service.go
View File

@ -25,6 +25,7 @@ const (
userType = "user" userType = "user"
tokenKind = "token" tokenKind = "token"
userKind = "users"
thingType = "thing" thingType = "thing"
groupType = "group" groupType = "group"
) )
@ -143,7 +144,7 @@ func (svc service) ListClients(ctx context.Context, token string, reqUserID stri
switch { switch {
case (reqUserID != "" && reqUserID != userID): case (reqUserID != "" && reqUserID != userID):
if _, err := svc.authorize(ctx, userType, tokenKind, userID, ownerPermission, userType, reqUserID); err != nil { if _, err := svc.authorize(ctx, userType, userKind, userID, ownerRelation, userType, reqUserID); err != nil {
return mfclients.ClientsPage{}, err return mfclients.ClientsPage{}, err
} }
rtids, err := svc.listClientIDs(ctx, reqUserID, pm.Permission) rtids, err := svc.listClientIDs(ctx, reqUserID, pm.Permission)

8
users/service.go
View File

@ -22,6 +22,7 @@ const (
userKind = "users" userKind = "users"
tokenKind = "token" tokenKind = "token"
thingsKind = "things" thingsKind = "things"
groupsKind = "groups"
userType = "user" userType = "user"
groupType = "group" groupType = "group"
@ -385,14 +386,19 @@ func (svc service) changeClientStatus(ctx context.Context, token string, client
func (svc service) ListMembers(ctx context.Context, token, objectKind string, objectID string, pm mfclients.Page) (mfclients.MembersPage, error) { func (svc service) ListMembers(ctx context.Context, token, objectKind string, objectID string, pm mfclients.Page) (mfclients.MembersPage, error) {
var objectType string var objectType string
var authzPerm string
switch objectKind { switch objectKind {
case thingsKind: case thingsKind:
objectType = thingType objectType = thingType
authzPerm = pm.Permission
case groupsKind:
fallthrough
default: default:
objectType = groupType objectType = groupType
authzPerm = auth.SwitchToPermission(pm.Permission)
} }
if _, err := svc.authorize(ctx, userType, tokenKind, token, auth.SwitchToPermission(pm.Permission), objectType, objectID); err != nil { if _, err := svc.authorize(ctx, userType, tokenKind, token, authzPerm, objectType, objectID); err != nil {
return mfclients.MembersPage{}, err return mfclients.MembersPage{}, err
} }
uids, err := svc.auth.ListAllSubjects(ctx, &mainflux.ListSubjectsReq{ uids, err := svc.auth.ListAllSubjects(ctx, &mainflux.ListSubjectsReq{