MetzNet
/
graphvent
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added DependencyPolicy

graph-rework-2
noah metz 2023-07-24 01:12:30 -06:00
parent a97b47af1b
commit 3ce1e3ad91
3 changed files with 38 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
context.go
Unescape Escape View File

@ -203,6 +203,10 @@ func NewContext(db * badger.DB, log Logger) * Context {
if err != nil { if err != nil {
panic(err) panic(err)
} }
err = ctx.RegisterNodeType(NewNodeDef((*DependencyPolicy)(nil), LoadSimplePolicy, GQLTypeGraphNode.Type))
if err != nil {
panic(err)
}
ctx.AddGQLType(GQLTypeSignal.Type) ctx.AddGQLType(GQLTypeSignal.Type)

2
node.go
Unescape Escape View File

@ -109,7 +109,7 @@ func (node *GraphNode) Allowed(context *StateContext, resource string, action st
return nil return nil
} }
for _, policy := range(node.policies) { for _, policy := range(node.policies) {
if policy.Allows(resource, action, princ) == true { if policy.Allows(node, resource, action, princ) == true {
context.Graph.Log.Logf("policy", "POLICY_CHECK_PASS: %s %s.%s.%s", princ.ID(), node.ID(), resource, action) context.Graph.Log.Logf("policy", "POLICY_CHECK_PASS: %s %s.%s.%s", princ.ID(), node.ID(), resource, action)
return nil return nil
} }

37
policy.go
Unescape Escape View File

@ -8,7 +8,7 @@ import (
type Policy interface { type Policy interface {
Node Node
// Returns true if the principal is allowed to perform the action on the resource // Returns true if the principal is allowed to perform the action on the resource
Allows(resource string, action string, principal Node) bool Allows(node Node, resource string, action string, principal Node) bool
} }
type NodeActions map[string][]string type NodeActions map[string][]string
@ -108,7 +108,7 @@ func LoadPerNodePolicy(ctx *Context, id NodeID, data []byte, nodes NodeMap) (Nod
return &policy, nil return &policy, nil
} }
func (policy *PerNodePolicy) Allows(resource string, action string, principal Node) bool { func (policy *PerNodePolicy) Allows(node Node, resource string, action string, principal Node) bool {
node_actions, exists := policy.Actions[principal.ID()] node_actions, exists := policy.Actions[principal.ID()]
if exists == false { if exists == false {
return false return false
@ -171,7 +171,7 @@ func LoadSimplePolicy(ctx *Context, id NodeID, data []byte, nodes NodeMap) (Node
return &policy, nil return &policy, nil
} }
func (policy *SimplePolicy) Allows(resource string, action string, principal Node) bool { func (policy *SimplePolicy) Allows(node Node, resource string, action string, principal Node) bool {
return policy.Actions.Allows(resource, action) return policy.Actions.Allows(resource, action)
} }
@ -235,7 +235,7 @@ func LoadPerTagPolicy(ctx *Context, id NodeID, data []byte, nodes NodeMap) (Node
return &policy, nil return &policy, nil
} }
func (policy *PerTagPolicy) Allows(resource string, action string, principal Node) bool { func (policy *PerTagPolicy) Allows(node Node, resource string, action string, principal Node) bool {
user, ok := principal.(*User) user, ok := principal.(*User)
if ok == false { if ok == false {
return false return false
@ -252,3 +252,32 @@ func (policy *PerTagPolicy) Allows(resource string, action string, principal Nod
return false return false
} }
type DependencyPolicy struct {
SimplePolicy
}
func (policy *DependencyPolicy) Type() NodeType {
return NodeType("parent_policy")
}
func NewDependencyPolicy(id NodeID, actions NodeActions) DependencyPolicy {
return DependencyPolicy{
SimplePolicy: NewSimplePolicy(id, actions),
}
}
func (policy *DependencyPolicy) Allows(node Node, resource string, action string, principal Node) bool {
lockable, ok := node.(Lockable)
if ok == false {
return false
}
for _, req := range(lockable.Requirements()) {
if req.ID() == principal.ID() {
return policy.Actions.Allows(resource, action)
}
}
return false
}