Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 argoyle
|
db43357ce0 | ||
|
argoyle
|
1476170f88 | ||
|
argoyle
|
d1898339b1 |
@@ -5,6 +5,7 @@ import (
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
"reflect"
|
||||
)
|
||||
|
||||
// CompanyPrivileges contains the privileges for a combination of email address and company id
|
||||
@@ -20,15 +21,25 @@ type CompanyPrivileges struct {
|
||||
|
||||
// PrivilegeAdded is the event sent when a new privilege is added
|
||||
type PrivilegeAdded struct {
|
||||
Email string `json:"email"`
|
||||
CompanyID string `json:"companyId"`
|
||||
Admin bool `json:"admin"`
|
||||
Company bool `json:"company"`
|
||||
Consumer bool `json:"consumer"`
|
||||
Time bool `json:"time"`
|
||||
Invoicing bool `json:"invoicing"`
|
||||
Accounting bool `json:"accounting"`
|
||||
Supplier bool `json:"supplier"`
|
||||
Email string `json:"email"`
|
||||
CompanyID string `json:"companyId"`
|
||||
Name string `json:"name"`
|
||||
RegistrationNumber string `json:"registrationNumber"`
|
||||
Admin bool `json:"admin"`
|
||||
Company bool `json:"company"`
|
||||
Consumer bool `json:"consumer"`
|
||||
Time bool `json:"time"`
|
||||
Invoicing bool `json:"invoicing"`
|
||||
Accounting bool `json:"accounting"`
|
||||
Supplier bool `json:"supplier"`
|
||||
}
|
||||
|
||||
// PrivilegeRemoved is the event sent when a privilege is removed
|
||||
type PrivilegeRemoved struct {
|
||||
Email string `json:"email"`
|
||||
CompanyID string `json:"companyId"`
|
||||
Name string `json:"name"`
|
||||
RegistrationNumber string `json:"registrationNumber"`
|
||||
}
|
||||
|
||||
// PrivilegeHandler processes PrivilegeAdded-events and fetches the initial set of privileges from an authz-service
|
||||
@@ -82,11 +93,17 @@ func (h *PrivilegeHandler) Fetch() error {
|
||||
|
||||
// Process privilege-related events and update the internal state
|
||||
func (h *PrivilegeHandler) Process(msg interface{}) bool {
|
||||
if ev, ok := msg.(*PrivilegeAdded); ok {
|
||||
switch ev := msg.(type) {
|
||||
case *PrivilegeAdded:
|
||||
h.setPrivileges(ev)
|
||||
return true
|
||||
case *PrivilegeRemoved:
|
||||
h.removePrivileges(ev)
|
||||
return true
|
||||
default:
|
||||
fmt.Printf("Got unexpected message type (%s): '%+v'\n", reflect.TypeOf(msg).String(), msg)
|
||||
return false
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func (h *PrivilegeHandler) setPrivileges(ev *PrivilegeAdded) {
|
||||
@@ -108,6 +125,12 @@ func (h *PrivilegeHandler) setPrivileges(ev *PrivilegeAdded) {
|
||||
}
|
||||
}
|
||||
|
||||
func (h *PrivilegeHandler) removePrivileges(ev *PrivilegeRemoved) {
|
||||
if priv, exists := h.privileges[ev.Email]; exists {
|
||||
delete(priv, ev.CompanyID)
|
||||
}
|
||||
}
|
||||
|
||||
// CompaniesByUser return a slice of company ids matching the provided email and predicate func
|
||||
func (h *PrivilegeHandler) CompaniesByUser(email string, predicate func(privileges CompanyPrivileges) bool) []string {
|
||||
var result []string
|
||||
@@ -120,3 +143,14 @@ func (h *PrivilegeHandler) CompaniesByUser(email string, predicate func(privileg
|
||||
}
|
||||
return result
|
||||
}
|
||||
|
||||
// IsAllowed return true if the provided predicate return true for the privileges matching the provided email and companyID, return false otherwise
|
||||
func (h *PrivilegeHandler) IsAllowed(email, companyID string, predicate func(privileges CompanyPrivileges) bool) bool {
|
||||
if p, exists := h.privileges[email]; exists {
|
||||
if v, exists := p[companyID]; exists {
|
||||
return predicate(v)
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user