From 6bd009b43e68919d7b3f3e5fd966d17ea2c0fe6c Mon Sep 17 00:00:00 2001
From: Noah Metz
Date: Fri, 21 Jul 2023 13:34:47 -0600
Subject: [PATCH] Changed ACL to get passed entire node attempting action instead of just ID
---
 gql_graph.go | 4 ++--
 node.go | 6 +++---
 policy.go | 8 ++++----
 3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/gql_graph.go b/gql_graph.go
index ba504d4..1284d08 100644
--- a/gql_graph.go
+++ b/gql_graph.go
@@ -899,7 +899,7 @@ func GQLMutationSendUpdate() *graphql.Field {
 return nil, err
 }
- err = server.Allowed("signal", "self", user.ID())
+ err = server.Allowed("signal", "self", user)
 if err != nil {
 return nil, err
 }
@@ -981,7 +981,7 @@ func GQLQuerySelf() *graphql.Field {
 return nil, err
 }
- err = server.Allowed("enumerate", "self", user.ID())
+ err = server.Allowed("enumerate", "self", user)
 if err != nil {
 return nil, fmt.Errorf("User %s is not allowed to perform self.enumerate on %s", user.ID(), server.ID())
 }
diff --git a/node.go b/node.go
index 6fd863e..f0a99fc 100644
--- a/node.go
+++ b/node.go
@@ -69,7 +69,7 @@ type Node interface {
 ID() NodeID
 Type() NodeType
- Allowed(action string, resource string, principal NodeID) error
+ Allowed(action string, resource string, principal Node) error
 AddPolicy(Policy) error
 RemovePolicy(Policy) error
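Review bot: In the GQLQuerySelf hunk the deny branch after `server.Allowed("enumerate", "self", user)` discards the returned `err` and builds a new message starting with a capitalised "User", while the GQLMutationSendUpdate hunk returns `err` unchanged. GraphNode.Allowed in node.go already formats the same "is not allowed to perform" text, so the two messages can drift apart. I would use `return nil, err` here, or `fmt.Errorf("self.enumerate: %w", err)` if extra context is wanted. Both function bodies start and end outside their hunks.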
@@ -100,13 +100,13 @@ func (node * GraphNode) Serialize() ([]byte, error) {
 return json.MarshalIndent(&node_json, "", " ")
 }
-func (node *GraphNode) Allowed(action string, resource string, principal NodeID) error {
+func (node *GraphNode) Allowed(action string, resource string, principal Node) error {
 for _, policy := range(node.policies) {
 if policy.Allows(action, resource, principal) == true {
 return nil
 }
 }
- return fmt.Errorf("%s is not allowed to perform %s.%s on %s", principal.String(), resource, action, node.ID().String())
+ return fmt.Errorf("%s is not allowed to perform %s.%s on %s", principal.ID().String(), resource, action, node.ID().String())
 }
 func (node *GraphNode) AddPolicy(policy Policy) error {
diff --git a/policy.go b/policy.go
index 4804784..e10d552 100644
--- a/policy.go
+++ b/policy.go
@@ -8,7 +8,7 @@ import (
 type Policy interface {
 Node
 // Returns true if the principal is allowed to perform the action on the resource
- Allows(action string, resource string, principal NodeID) bool
+ Allows(action string, resource string, principal Node) bool
 }
 type NodeActions map[string][]string
@@ -108,8 +108,8 @@ func LoadPerNodePolicy(ctx *Context, id NodeID, data []byte, nodes NodeMap) (Nod
 return &policy, nil
 }
-func (policy *PerNodePolicy) Allows(action string, resource string, principal NodeID) bool {
- node_actions, exists := policy.Actions[principal]
+func (policy *PerNodePolicy) Allows(action string, resource string, principal Node) bool {
+ node_actions, exists := policy.Actions[principal.ID()]
 if exists == false {
 return false
 }
@@ -171,7 +171,7 @@ func LoadSimplePolicy(ctx *Context, id NodeID, data []byte, nodes NodeMap) (Node
 return &policy, nil
 }
-func (policy *SimplePolicy) Allows(action string, resource string, principal NodeID) bool {
+func (policy *SimplePolicy) Allows(action string, resource string, principal Node) bool {
 return policy.Actions.Allows(action, resource)
 }
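Review bot: In GraphNode.Allowed the deny path now calls `principal.ID().String()`, so a nil `principal` panics inside the authorization check instead of producing a denial. The same holds for `policy.Actions[principal.ID()]` in the PerNodePolicy.Allows hunk of policy.go. The check should fail closed, so I would add a guard as the first statement of Allowed: `if principal == nil { return fmt.Errorf("nil principal is not allowed to perform %s.%s on %s", resource, action, node.ID().String()) }`. Whether any caller can actually pass nil is not visible in this patch, and the old NodeID parameter presumably could not be nil. Separately, `== true` can be dropped from the `policy.Allows(...)` condition.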
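Review bot: The comment on `Allows` in the Policy interface does not say what an implementation may do with the Node it now receives, and that is the contract every policy author will read. I would replace it with `// Allows reports whether principal may perform action on resource. A nil principal must be denied, and implementations must not modify principal.` If policies are meant to decide on more than `principal.ID()`, the comment should also name which properties are trustworthy inputs to the decision.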
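Review bot: SimplePolicy.Allows never reads `principal`, since its body is only `return policy.Actions.Allows(action, resource)`, so this policy grants its action list to every caller. That is easy to overlook now that the signature takes a full Node and suggests a per-node decision. I would add a doc comment such as `// Allows ignores principal: every node is granted the actions listed in policy.Actions.` and, if the parameter is to stay unused, name it `_` in this implementation.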