Changed ACL to get passed entire node attempting action instead of just ID

graph-rework-2
noah metz 2023-07-21 13:34:47 -06:00
parent 6cf2d2d957
commit 6bd009b43e
3 changed files with 9 additions and 9 deletions

@ -899,7 +899,7 @@ func GQLMutationSendUpdate() *graphql.Field {
return nil, err return nil, err
} }
err = server.Allowed("signal", "self", user.ID()) err = server.Allowed("signal", "self", user)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -981,7 +981,7 @@ func GQLQuerySelf() *graphql.Field {
return nil, err return nil, err
} }
err = server.Allowed("enumerate", "self", user.ID()) err = server.Allowed("enumerate", "self", user)
if err != nil { if err != nil {
return nil, fmt.Errorf("User %s is not allowed to perform self.enumerate on %s", user.ID(), server.ID()) return nil, fmt.Errorf("User %s is not allowed to perform self.enumerate on %s", user.ID(), server.ID())
} }
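Review bot: In GQLQuerySelf the error returned by `server.Allowed("enumerate", "self", user)` is thrown away and a hand-built message is returned instead, while GQLMutationSendUpdate just above returns `err` unchanged. Using `return nil, err` in both resolvers keeps the denial text in one place (GraphNode.Allowed in this commit already formats an equivalent message) and drops the capitalised error string. How `user` is resolved is not visible here; now that a `Node` rather than an ID is handed to the check, confirm it can never be a nil interface when it reaches `Allowed`. Both resolver bodies start and end outside the hunks shown.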

@ -69,7 +69,7 @@ type Node interface {
ID() NodeID ID() NodeID
Type() NodeType Type() NodeType
Allowed(action string, resource string, principal NodeID) error Allowed(action string, resource string, principal Node) error
AddPolicy(Policy) error AddPolicy(Policy) error
RemovePolicy(Policy) error RemovePolicy(Policy) error
@ -100,13 +100,13 @@ func (node * GraphNode) Serialize() ([]byte, error) {
return json.MarshalIndent(&node_json, "", " ") return json.MarshalIndent(&node_json, "", " ")
} }
func (node *GraphNode) Allowed(action string, resource string, principal NodeID) error { func (node *GraphNode) Allowed(action string, resource string, principal Node) error {
for _, policy := range(node.policies) { for _, policy := range(node.policies) {
if policy.Allows(action, resource, principal) == true { if policy.Allows(action, resource, principal) == true {
return nil return nil
} }
} }
return fmt.Errorf("%s is not allowed to perform %s.%s on %s", principal.String(), resource, action, node.ID().String()) return fmt.Errorf("%s is not allowed to perform %s.%s on %s", principal.ID().String(), resource, action, node.ID().String())
} }
func (node *GraphNode) AddPolicy(policy Policy) error { func (node *GraphNode) AddPolicy(policy Policy) error {
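Review bot: `GraphNode.Allowed` now dereferences `principal` in its denial path (`principal.ID().String()`), so a nil `Node` panics instead of being denied; the same applies to `policy.Actions[principal.ID()]` in PerNodePolicy.Allows in the policy file. An access check should fail closed, for example with `if principal == nil { return fmt.Errorf("nil principal is not allowed to perform %s.%s on %s", resource, action, node.ID().String()) }` as the first statement. The method also has no doc comment; something like `// Allowed returns nil if any policy attached to the node permits principal to perform action on resource, and an error otherwise.` would record the default-deny contract. The hunk ends on the first line of AddPolicy, whose body is outside the view.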

@ -8,7 +8,7 @@ import (
type Policy interface { type Policy interface {
Node Node
// Returns true if the principal is allowed to perform the action on the resource // Returns true if the principal is allowed to perform the action on the resource
Allows(action string, resource string, principal NodeID) bool Allows(action string, resource string, principal Node) bool
} }
type NodeActions map[string][]string type NodeActions map[string][]string
@ -108,8 +108,8 @@ func LoadPerNodePolicy(ctx *Context, id NodeID, data []byte, nodes NodeMap) (Nod
return &policy, nil return &policy, nil
} }
func (policy *PerNodePolicy) Allows(action string, resource string, principal NodeID) bool { func (policy *PerNodePolicy) Allows(action string, resource string, principal Node) bool {
node_actions, exists := policy.Actions[principal] node_actions, exists := policy.Actions[principal.ID()]
if exists == false { if exists == false {
return false return false
} }
@ -171,7 +171,7 @@ func LoadSimplePolicy(ctx *Context, id NodeID, data []byte, nodes NodeMap) (Node
return &policy, nil return &policy, nil
} }
func (policy *SimplePolicy) Allows(action string, resource string, principal NodeID) bool { func (policy *SimplePolicy) Allows(action string, resource string, principal Node) bool {
return policy.Actions.Allows(action, resource) return policy.Actions.Allows(action, resource)
} }
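Review bot: `SimplePolicy.Allows` never reads `principal`, so whatever its `Actions` lists is granted to every caller, a nil one included. That deserves a comment such as `// Allows ignores principal: the listed actions are granted to any node.`, and the parameter could be written `_ Node` to make the intent explicit. In PerNodePolicy.Allows the lookup key is now whatever `principal.ID()` returns, so the decision trusts the `Node` value passed in. The comment on `Policy.Allows` should say that callers must pass the authenticated node resolved by the server rather than one constructed from request data. PerNodePolicy.Allows continues past the end of its hunk.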