mirror of
https://github.com/mainflux/mainflux.git
synced 2025-04-29 13:49:28 +08:00
b78928c998
* allow admin to fetch all things Signed-off-by: Burak Sekili <buraksekili@gmail.com> * enable users to fetch their own things via owner field in db Signed-off-by: Burak Sekili <buraksekili@gmail.com> * add listpolicies RPC Signed-off-by: Burak Sekili <buraksekili@gmail.com> * add listPolicies gRPC methods for client and server, and update keto initialization Signed-off-by: Burak Sekili <buraksekili@gmail.com> * update fetching things method Signed-off-by: Burak Sekili <buraksekili@gmail.com> * remove log Signed-off-by: Burak Sekili <buraksekili@gmail.com> * update retrieving policies Signed-off-by: Burak Sekili <buraksekili@gmail.com> * fix linter error Signed-off-by: Burak Sekili <buraksekili@gmail.com> * update mock Signed-off-by: Burak Sekili <buraksekili@gmail.com> * remove checking subject set while parsing subject sets Signed-off-by: Burak Sekili <buraksekili@gmail.com> * move subject declaration to constant value Signed-off-by: Burak Sekili <buraksekili@gmail.com>
164 lines
3.9 KiB
Go
164 lines
3.9 KiB
Go
// Copyright (c) Mainflux
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package grpc
|
|
|
|
import (
|
|
"context"
|
|
"time"
|
|
|
|
"github.com/go-kit/kit/endpoint"
|
|
"github.com/mainflux/mainflux/auth"
|
|
)
|
|
|
|
func issueEndpoint(svc auth.Service) endpoint.Endpoint {
|
|
return func(ctx context.Context, request interface{}) (interface{}, error) {
|
|
req := request.(issueReq)
|
|
if err := req.validate(); err != nil {
|
|
return issueRes{}, err
|
|
}
|
|
|
|
key := auth.Key{
|
|
Type: req.keyType,
|
|
Subject: req.email,
|
|
IssuerID: req.id,
|
|
IssuedAt: time.Now().UTC(),
|
|
}
|
|
|
|
_, secret, err := svc.Issue(ctx, "", key)
|
|
if err != nil {
|
|
return issueRes{}, err
|
|
}
|
|
|
|
return issueRes{secret}, nil
|
|
}
|
|
}
|
|
|
|
func identifyEndpoint(svc auth.Service) endpoint.Endpoint {
|
|
return func(ctx context.Context, request interface{}) (interface{}, error) {
|
|
req := request.(identityReq)
|
|
if err := req.validate(); err != nil {
|
|
return identityRes{}, err
|
|
}
|
|
|
|
id, err := svc.Identify(ctx, req.token)
|
|
if err != nil {
|
|
return identityRes{}, err
|
|
}
|
|
|
|
ret := identityRes{
|
|
id: id.ID,
|
|
email: id.Email,
|
|
}
|
|
return ret, nil
|
|
}
|
|
}
|
|
|
|
func authorizeEndpoint(svc auth.Service) endpoint.Endpoint {
|
|
return func(ctx context.Context, request interface{}) (interface{}, error) {
|
|
req := request.(authReq)
|
|
|
|
if err := req.validate(); err != nil {
|
|
return authorizeRes{}, err
|
|
}
|
|
|
|
err := svc.Authorize(ctx, auth.PolicyReq{Subject: req.Sub, Object: req.Obj, Relation: req.Act})
|
|
if err != nil {
|
|
return authorizeRes{}, err
|
|
}
|
|
return authorizeRes{authorized: true}, err
|
|
}
|
|
}
|
|
|
|
func addPolicyEndpoint(svc auth.Service) endpoint.Endpoint {
|
|
return func(ctx context.Context, request interface{}) (interface{}, error) {
|
|
req := request.(addPolicyReq)
|
|
if err := req.validate(); err != nil {
|
|
return addPolicyRes{}, err
|
|
}
|
|
|
|
err := svc.AddPolicy(ctx, auth.PolicyReq{Subject: req.Sub, Object: req.Obj, Relation: req.Act})
|
|
if err != nil {
|
|
return addPolicyRes{}, err
|
|
}
|
|
return addPolicyRes{authorized: true}, err
|
|
}
|
|
}
|
|
|
|
func deletePolicyEndpoint(svc auth.Service) endpoint.Endpoint {
|
|
return func(ctx context.Context, request interface{}) (interface{}, error) {
|
|
req := request.(deletePolicyReq)
|
|
if err := req.validate(); err != nil {
|
|
return deletePolicyRes{}, err
|
|
}
|
|
|
|
err := svc.DeletePolicy(ctx, auth.PolicyReq{Subject: req.Sub, Object: req.Obj, Relation: req.Act})
|
|
if err != nil {
|
|
return deletePolicyRes{}, err
|
|
}
|
|
return deletePolicyRes{deleted: true}, nil
|
|
}
|
|
}
|
|
|
|
func listPoliciesEndpoint(svc auth.Service) endpoint.Endpoint {
|
|
return func(ctx context.Context, request interface{}) (interface{}, error) {
|
|
req := request.(listPoliciesReq)
|
|
|
|
page, err := svc.ListPolicies(ctx, auth.PolicyReq{Subject: req.Sub, Object: req.Obj, Relation: req.Act})
|
|
if err != nil {
|
|
return deletePolicyRes{}, err
|
|
}
|
|
return listPoliciesRes{policies: page.Policies}, nil
|
|
}
|
|
}
|
|
|
|
func assignEndpoint(svc auth.Service) endpoint.Endpoint {
|
|
return func(ctx context.Context, request interface{}) (interface{}, error) {
|
|
req := request.(assignReq)
|
|
|
|
if err := req.validate(); err != nil {
|
|
return emptyRes{}, err
|
|
}
|
|
|
|
_, err := svc.Identify(ctx, req.token)
|
|
if err != nil {
|
|
return emptyRes{}, err
|
|
}
|
|
|
|
err = svc.Assign(ctx, req.token, req.memberID, req.groupID, req.groupType)
|
|
if err != nil {
|
|
return emptyRes{}, err
|
|
}
|
|
return emptyRes{}, nil
|
|
|
|
}
|
|
}
|
|
|
|
func membersEndpoint(svc auth.Service) endpoint.Endpoint {
|
|
return func(ctx context.Context, request interface{}) (interface{}, error) {
|
|
req := request.(membersReq)
|
|
if err := req.validate(); err != nil {
|
|
return membersRes{}, err
|
|
}
|
|
|
|
pm := auth.PageMetadata{
|
|
Offset: req.offset,
|
|
Limit: req.limit,
|
|
}
|
|
mp, err := svc.ListMembers(ctx, req.token, req.groupID, req.memberType, pm)
|
|
if err != nil {
|
|
return membersRes{}, err
|
|
}
|
|
var members []string
|
|
for _, m := range mp.Members {
|
|
members = append(members, m.ID)
|
|
}
|
|
return membersRes{
|
|
offset: req.offset,
|
|
limit: req.limit,
|
|
total: mp.PageMetadata.Total,
|
|
members: members,
|
|
}, nil
|
|
}
|
|
}
|