From 89b082fc8eac5dab095747f06c87c6b1c40dacc7 Mon Sep 17 00:00:00 2001 From: Noah Metz Date: Tue, 25 Jul 2023 00:50:26 -0600 Subject: [PATCH] Cleaned up policy.go and added start of UserOfPolicy(need to finish allows) --- policy.go | 113 ++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 79 insertions(+), 34 deletions(-) diff --git a/policy.go b/policy.go index 534767b..1768dcd 100644 --- a/policy.go +++ b/policy.go @@ -2,6 +2,7 @@ package graphvent import ( "encoding/json" + "fmt" ) // A policy represents a set of rules attached to a Node that allow principals to perform actions on it @@ -80,13 +81,7 @@ func NewPerNodePolicy(id NodeID, actions map[NodeID]NodeActions) PerNodePolicy { } } -func LoadPerNodePolicy(ctx *Context, id NodeID, data []byte, nodes NodeMap) (Node, error) { - var j PerNodePolicyJSON - err := json.Unmarshal(data, &j) - if err != nil { - return nil, err - } - +var LoadPerNodePolicy = LoadJSONNode(func(id NodeID, j PerNodePolicyJSON) (Node, error) { actions := map[NodeID]NodeActions{} for principal_str, node_actions := range(j.Actions) { principal_id, err := ParseID(principal_str) @@ -98,15 +93,10 @@ func LoadPerNodePolicy(ctx *Context, id NodeID, data []byte, nodes NodeMap) (Nod } policy := NewPerNodePolicy(id, actions) - nodes[id] = &policy - - err = RestoreSimpleNode(ctx, &policy.SimpleNode, j.SimpleNodeJSON, nodes) - if err != nil { - return nil, err - } - return &policy, nil -} +}, func(ctx *Context, node Node, j PerNodePolicyJSON, nodes NodeMap) error { + return RestoreSimpleNode(ctx, node.NodeHandle(), j.SimpleNodeJSON, nodes) +}) func (policy *PerNodePolicy) Allows(node Node, resource string, action string, principal Node) bool { node_actions, exists := policy.Actions[principal.ID()] @@ -135,11 +125,16 @@ func (policy *SimplePolicy) Type() NodeType { return NodeType("simple_policy") } -func (policy *SimplePolicy) Serialize() ([]byte, error) { - return json.MarshalIndent(&SimplePolicyJSON{ +func NewSimplePolicyJSON(policy *SimplePolicy) SimplePolicyJSON { + return SimplePolicyJSON{ SimpleNodeJSON: NewSimpleNodeJSON(&policy.SimpleNode), Actions: policy.Actions, - }, "", " ") + } +} + +func (policy *SimplePolicy) Serialize() ([]byte, error) { + j := NewSimplePolicyJSON(policy) + return json.MarshalIndent(&j, "", " ") } func NewSimplePolicy(id NodeID, actions NodeActions) SimplePolicy { @@ -153,23 +148,12 @@ func NewSimplePolicy(id NodeID, actions NodeActions) SimplePolicy { } } -func LoadSimplePolicy(ctx *Context, id NodeID, data []byte, nodes NodeMap) (Node, error) { - var j SimplePolicyJSON - err := json.Unmarshal(data, &j) - if err != nil { - return nil, err - } - +var LoadSimplePolicy = LoadJSONNode(func(id NodeID, j SimplePolicyJSON) (Node, error) { policy := NewSimplePolicy(id, j.Actions) - nodes[id] = &policy - - err = RestoreSimpleNode(ctx, &policy.SimpleNode, j.SimpleNodeJSON, nodes) - if err != nil { - return nil, err - } - return &policy, nil -} +}, func(ctx *Context, node Node, j SimplePolicyJSON, nodes NodeMap) error { + return RestoreSimpleNode(ctx, node.NodeHandle(), j.SimpleNodeJSON, nodes) +}) func (policy *SimplePolicy) Allows(node Node, resource string, action string, principal Node) bool { return policy.Actions.Allows(resource, action) @@ -241,7 +225,6 @@ type ParentPolicy struct { SimplePolicy } - func (policy *ParentPolicy) Type() NodeType { return NodeType("parent_policy") } @@ -298,3 +281,65 @@ func (policy *ChildrenPolicy) Allows(node Node, resource string, action string, return false } + +type UserOfPolicy struct { + SimplePolicy + Target NodeWithUsers +} + +type UserOfPolicyJSON struct { + SimplePolicyJSON + Target string `json:"target"` +} + +func (policy *UserOfPolicy) Type() NodeType { + return NodeType("user_of_policy") +} + +func (policy *UserOfPolicy) Serialize() ([]byte, error) { + target := "" + if policy.Target != nil { + target = policy.Target.ID().String() + } + return json.MarshalIndent(&UserOfPolicyJSON{ + SimplePolicyJSON: NewSimplePolicyJSON(&policy.SimplePolicy), + Target: target, + }, "", " ") +} + +func NewUserOfPolicy(id NodeID, actions NodeActions) UserOfPolicy { + return UserOfPolicy{ + SimplePolicy: NewSimplePolicy(id, actions), + Target: nil, + } +} + +var LoadUserOfPolicy = LoadJSONNode(func(id NodeID, j UserOfPolicyJSON) (Node, error) { + policy := NewUserOfPolicy(id, j.Actions) + return &policy, nil +}, func(ctx *Context, policy *UserOfPolicy, j UserOfPolicyJSON, nodes NodeMap) error { + if j.Target != "" { + target_id, err := ParseID(j.Target) + if err != nil { + return err + } + + target_node, err := LoadNodeRecurse(ctx, target_id, nodes) + if err != nil { + return err + } + + target, ok := target_node.(NodeWithUsers) + if ok == false { + return fmt.Errorf("%s is not a NodeWithUsers", target_node.ID()) + } + policy.Target = target + return nil + } + return RestoreSimpleNode(ctx, policy, j.SimpleNodeJSON, nodes) +}) + +// TODO: pass state context through allows so that it can grab the target node's lock to check it's users safely +func (policy *UserOfPolicy) Allows(node Node, resource string, action string, principal Node) bool { + return false +}