Changed ACL to get passed entire node attempting action instead of just ID

graph-rework-2
noah metz 2023-07-21 13:34:47 -06:00
parent 6cf2d2d957
commit 6bd009b43e
3 changed files with 9 additions and 9 deletions

@ -899,7 +899,7 @@ func GQLMutationSendUpdate() *graphql.Field {
return nil, err
}
err = server.Allowed("signal", "self", user.ID())
err = server.Allowed("signal", "self", user)
if err != nil {
return nil, err
}
@ -981,7 +981,7 @@ func GQLQuerySelf() *graphql.Field {
return nil, err
}
err = server.Allowed("enumerate", "self", user.ID())
err = server.Allowed("enumerate", "self", user)
if err != nil {
return nil, fmt.Errorf("User %s is not allowed to perform self.enumerate on %s", user.ID(), server.ID())
}
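Review bot: The two call sites report a denial differently: after `server.Allowed("signal", "self", user)` the error is returned as is, while after `server.Allowed("enumerate", "self", user)` it is discarded and a second message is built by hand. If `server` resolves to GraphNode.Allowed, that method already formats the principal and node IDs, so the enumerate path could be `return nil, err`. That keeps a single denial format for anyone matching authorization failures in logs. Both resolver bodies start and end outside the hunks shown.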

@ -69,7 +69,7 @@ type Node interface {
ID() NodeID
Type() NodeType
Allowed(action string, resource string, principal NodeID) error
Allowed(action string, resource string, principal Node) error
AddPolicy(Policy) error
RemovePolicy(Policy) error
@ -100,13 +100,13 @@ func (node * GraphNode) Serialize() ([]byte, error) {
return json.MarshalIndent(&node_json, "", " ")
}
func (node *GraphNode) Allowed(action string, resource string, principal NodeID) error {
func (node *GraphNode) Allowed(action string, resource string, principal Node) error {
for _, policy := range(node.policies) {
if policy.Allows(action, resource, principal) == true {
return nil
}
}
return fmt.Errorf("%s is not allowed to perform %s.%s on %s", principal.String(), resource, action, node.ID().String())
return fmt.Errorf("%s is not allowed to perform %s.%s on %s", principal.ID().String(), resource, action, node.ID().String())
}
func (node *GraphNode) AddPolicy(policy Policy) error {
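Review bot: A nil `principal` now panics inside the authorization check instead of being denied, because the denial message in GraphNode.Allowed calls `principal.ID().String()` and PerNodePolicy.Allows indexes with `policy.Actions[principal.ID()]`. With the old NodeID parameter there was nothing to dereference. I would fail closed at the top of Allowed with `if principal == nil { return fmt.Errorf("nil principal is not allowed to perform %s.%s on %s", resource, action, node.ID().String()) }`, and state on the Node interface that `principal` must be non-nil. Whether a caller can actually pass nil is not visible here, since `user` is resolved outside the hunks. Note that a typed nil pointer stored in the interface would still pass that guard.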

@ -8,7 +8,7 @@ import (
type Policy interface {
Node
// Returns true if the principal is allowed to perform the action on the resource
Allows(action string, resource string, principal NodeID) bool
Allows(action string, resource string, principal Node) bool
}
type NodeActions map[string][]string
@ -108,8 +108,8 @@ func LoadPerNodePolicy(ctx *Context, id NodeID, data []byte, nodes NodeMap) (Nod
return &policy, nil
}
func (policy *PerNodePolicy) Allows(action string, resource string, principal NodeID) bool {
node_actions, exists := policy.Actions[principal]
func (policy *PerNodePolicy) Allows(action string, resource string, principal Node) bool {
node_actions, exists := policy.Actions[principal.ID()]
if exists == false {
return false
}
@ -171,7 +171,7 @@ func LoadSimplePolicy(ctx *Context, id NodeID, data []byte, nodes NodeMap) (Node
return &policy, nil
}
func (policy *SimplePolicy) Allows(action string, resource string, principal NodeID) bool {
func (policy *SimplePolicy) Allows(action string, resource string, principal Node) bool {
return policy.Actions.Allows(action, resource)
}
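Review bot: SimplePolicy.Allows never reads `principal`, so every node gets the actions in `policy.Actions` regardless of identity, and the new Node parameter makes that easier to miss because it now looks as if it takes part in the decision. If that is intended, say so on the method, for example `// Allows grants policy.Actions to every principal; principal is deliberately ignored.`, and consider naming the parameter `_`. The comment on Policy.Allows could also note that implementations are expected to identify the principal through `principal.ID()`, as PerNodePolicy does; that method's body continues outside the hunk.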