
* allow admin to fetch all things Signed-off-by: Burak Sekili <buraksekili@gmail.com> * enable users to fetch their own things via owner field in db Signed-off-by: Burak Sekili <buraksekili@gmail.com> * add listpolicies RPC Signed-off-by: Burak Sekili <buraksekili@gmail.com> * add listPolicies gRPC methods for client and server, and update keto initialization Signed-off-by: Burak Sekili <buraksekili@gmail.com> * update fetching things method Signed-off-by: Burak Sekili <buraksekili@gmail.com> * remove log Signed-off-by: Burak Sekili <buraksekili@gmail.com> * update retrieving policies Signed-off-by: Burak Sekili <buraksekili@gmail.com> * fix linter error Signed-off-by: Burak Sekili <buraksekili@gmail.com> * update mock Signed-off-by: Burak Sekili <buraksekili@gmail.com> * remove checking subject set while parsing subject sets Signed-off-by: Burak Sekili <buraksekili@gmail.com> * move subject declaration to constant value Signed-off-by: Burak Sekili <buraksekili@gmail.com>
// Copyright (c) Mainflux
// SPDX-License-Identifier: Apache-2.0
package mocks
import (
"context"
"sync"
"github.com/mainflux/mainflux/auth"
acl "github.com/ory/keto/proto/ory/keto/acl/v1alpha1"
)
// MockSubjectSet is a single policy entry held by the mock: an object and
// the relation a subject holds on it. The subject itself is the key of the
// map that stores these entries.
type MockSubjectSet struct {
	// Object is the identifier of the resource the policy applies to.
	Object string
	// Relation is the relation granted on Object.
	Relation string
}
// policyAgentMock is an in-memory policy store used in place of Keto.
type policyAgentMock struct {
	// mu is taken by every method before authzDB is read or written.
	mu sync.Mutex
	// authzDB maps a subject to the list of policies recorded for it.
	authzDB map[string][]MockSubjectSet
}
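// NewKetoMock returns an in-memory auth.PolicyAgent that stands in for Keto.
//
// db maps a subject to its initial policies. The map is stored as given, not
// copied, so policies added through the mock also appear in the caller's map.
// A nil db is replaced with an empty map; otherwise the first AddPolicy call
// would panic on a write to a nil map.
func NewKetoMock(db map[string][]MockSubjectSet) auth.PolicyAgent {
	if db == nil {
		db = make(map[string][]MockSubjectSet)
	}
	return &policyAgentMock{authzDB: db}
}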
// CheckPolicy returns nil when pr.Subject has an entry whose Object and
// Relation both equal those of pr, and auth.ErrAuthorization otherwise.
//
// Matching is exact string equality on all three fields. Nothing here
// resolves indirect grants, so a test that passes against this mock has only
// exercised direct subject/object/relation tuples. ctx is not used.
func (pa *policyAgentMock) CheckPolicy(ctx context.Context, pr auth.PolicyReq) error {
	pa.mu.Lock()
	defer pa.mu.Unlock()

	wanted := MockSubjectSet{Object: pr.Object, Relation: pr.Relation}
	// An unknown subject yields a nil slice, so the loop is skipped and the
	// request is denied.
	for _, granted := range pa.authzDB[pr.Subject] {
		if granted == wanted {
			return nil
		}
	}
	return auth.ErrAuthorization
}
// AddPolicy appends the (Object, Relation) pair of pr to the policies stored
// for pr.Subject and always returns nil.
//
// Entries are not de-duplicated: adding the same policy twice stores it
// twice. ctx is not used.
func (pa *policyAgentMock) AddPolicy(ctx context.Context, pr auth.PolicyReq) error {
	pa.mu.Lock()
	defer pa.mu.Unlock()

	entry := MockSubjectSet{Object: pr.Object, Relation: pr.Relation}
	existing := pa.authzDB[pr.Subject]
	pa.authzDB[pr.Subject] = append(existing, entry)
	return nil
}
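// DeletePolicy removes every entry stored for pr.Subject whose Object and
// Relation equal those of pr. It always returns nil; deleting a policy that
// is not present is not an error. ctx is not used.
//
// Matching entries are dropped from the list rather than overwritten with a
// zero MockSubjectSet. A zeroed entry would stay in the list and compare
// equal to a request with empty Object and Relation, so CheckPolicy would
// authorize that request after a delete, and RetrievePolicies with an empty
// Relation would return a tuple with an empty Object.
func (pa *policyAgentMock) DeletePolicy(ctx context.Context, pr auth.PolicyReq) error {
	pa.mu.Lock()
	defer pa.mu.Unlock()

	ssList := pa.authzDB[pr.Subject]
	// Filter in place: kept reuses ssList's backing array and only ever
	// writes to positions the range loop has already read.
	kept := ssList[:0]
	for _, ss := range ssList {
		if ss.Object == pr.Object && ss.Relation == pr.Relation {
			continue
		}
		kept = append(kept, ss)
	}
	// Write back only when something was removed. This avoids creating a key
	// for an unknown subject and never writes to a nil map.
	if len(kept) != len(ssList) {
		pa.authzDB[pr.Subject] = kept
	}
	return nil
}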
// RetrievePolicies returns one relation tuple for each entry of pr.Subject
// whose Relation equals pr.Relation. The error is always nil.
//
// pr.Object is not consulted, and the returned tuples carry only Object and
// Relation; no other RelationTuple field is populated. The result is a
// non-nil empty slice when nothing matches. ctx is not used.
func (pa *policyAgentMock) RetrievePolicies(ctx context.Context, pr auth.PolicyReq) ([]*acl.RelationTuple, error) {
	pa.mu.Lock()
	defer pa.mu.Unlock()

	matches := make([]*acl.RelationTuple, 0)
	for _, entry := range pa.authzDB[pr.Subject] {
		if entry.Relation != pr.Relation {
			continue
		}
		matches = append(matches, &acl.RelationTuple{Object: entry.Object, Relation: entry.Relation})
	}
	return matches, nil
}