// Shows how to add/check/remove permissions for a n entity (resource) of a user or a group entity
func Example_acl() {
entityManager := initEntityManager()
fmt.Println("ExampleShowACLAddCheckRemovePermissions")
fmt.Printf("User: %q, permission %q is: %v\n", userName1, canUsePermission,
acl.CheckUserPermission(entityManager, userName1, resourceName, acl.Permission(canUsePermission)))
data, _ := entityManager.GetPropertyAttachedToEntity(resourceName, stc.AclPropertyName)
a, ok := data.(*acl.Acl)
if ok == false {
fmt.Println("Error: can't get property", stc.AclPropertyName, "attached to resource", resourceName)
return
}
a.AddPermissionToResource(entityManager, userName1, acl.Permission(canUsePermission))
fmt.Printf("User: %q, permission %q is: %v\n", userName1, canUsePermission,
acl.CheckUserPermission(entityManager, userName1, resourceName, acl.Permission(canUsePermission)))
a.AddPermissionToResource(entityManager, groupName, acl.Permission(supportPermission))
a.AddPermissionToResource(entityManager, groupName, acl.Permission(canUsePermission))
a.AddPermissionToResource(entityManager, stc.AclAllEntryName, acl.Permission(allPermission))
a.AddPermissionToResource(entityManager, userInGroupName1, acl.Permission(usersPermission))
permissions, _ := acl.GetUserPermissions(entityManager, userInGroupName1, resourceName)
fmt.Printf("All the permissions for user: %q, on resource %q are: %q\n",
userInGroupName1, resourceName, permissions)
permissions, _ = acl.GetUserPermissions(entityManager, groupName, resourceName)
fmt.Printf("All the permissions for group %q on resource %q are: %q\n", groupName, resourceName, permissions)
a.RemovePermissionFromEntity(groupName, acl.Permission(canUsePermission))
fmt.Printf("After remove permission: %q from group %q\n", canUsePermission, groupName)
fmt.Printf("User: %q, permission %q is: %v\n", userInGroupName1, canUsePermission,
acl.CheckUserPermission(entityManager, userInGroupName1, resourceName, acl.Permission(canUsePermission)))
fmt.Printf("All the permissions are: %q\n", a.GetAllPermissions())
}
func (a aclRestful) getPermissions(request *restful.Request, response *restful.Response) {
aclData, _, err := a.getResourceAclData(request, response)
if err != nil {
return
}
permissions := aclData.GetAllPermissions()
ret := make(permissionsVecT)
cnt := 0
for p, _ := range permissions {
ret[acl.Permission(fmt.Sprintf("%v", cnt))] = acl.Permission(p)
cnt = cnt + 1
}
// if err != nil {
// a.setError(response, http.StatusNotFound, err)
// } else {
// response.WriteEntity(ret)
// }
response.WriteEntity(ret)
}
func (a aclRestful) deletePermission(request *restful.Request, response *restful.Response) {
aclData, aclInfo, err := a.getResourceAclData(request, response)
if err != nil {
return
}
err = aclData.RemovePermissionFromEntity(aclInfo.UserName, acl.Permission(aclInfo.Permission))
if err != nil {
a.setError(response, http.StatusNotFound, err)
} else {
response.WriteHeader(http.StatusNoContent)
}
}
func (a aclRestful) setPermission(request *restful.Request, response *restful.Response) {
a1, aclInfo, err := a.getResourceAclData(request, response)
if a1 == nil {
a.addAclToResource(request, response, aclInfo.ResourceName)
a1, aclInfo, _ = a.getResourceAclData(request, response)
}
err = a1.AddPermissionToResource(a.st.UsersList, aclInfo.UserName, acl.Permission(aclInfo.Permission))
if err != nil {
a.setError(response, http.StatusNotFound, err)
} else {
response.WriteHeader(http.StatusCreated)
response.WriteEntity(a.getUrlPath(request, aclInfo.Permission))
}
}
func generateAcl() (string, *acl.Acl, error) {
stRestful.UsersList.AddResource(resourceName1)
stRestful.UsersList.AddGroup(groupName)
for _, name := range usersName {
stRestful.UsersList.AddUser(name)
stRestful.UsersList.AddUserToGroup(groupName, name)
}
aclData := acl.NewACL()
for _, name := range usersName {
for _, p := range usersPermissions {
aclData.AddPermissionToResource(stRestful.UsersList, name, acl.Permission(p))
}
}
aclData.AddPermissionToResource(stRestful.UsersList, stc.AclAllEntryName, perAll)
stRestful.UsersList.AddPropertyToEntity(resourceName1, stc.AclPropertyName, aclData)
data, _ := json.Marshal(aclData)
return string(data), aclData, nil
}
func (a aclRestful) restSetPermission(request *restful.Request, response *restful.Response) {
a1, aclInfo, err := a.getResourceAclData(request, response)
if err != nil {
a.setError(response, http.StatusNotFound, err)
return
}
if a1 == nil {
eAcl := acl.NewACL()
a.addAclToResource(request, response, aclInfo.ResourceName, eAcl)
a1, aclInfo, err = a.getResourceAclData(request, response)
if err != nil {
a.setError(response, http.StatusInternalServerError, err)
return
}
}
err = a1.AddPermissionToResource(a.st.UsersList, aclInfo.UserName, acl.Permission(aclInfo.Permission))
if err != nil {
a.setError(response, http.StatusNotFound, err)
} else {
response.WriteHeader(http.StatusCreated)
response.WriteEntity(a.getUrlPath(request, entityToken, fmt.Sprintf("%v/%v/%v/%v/%v", aclInfo.UserName, resourceToken, aclInfo.ResourceName, permissionsToken, aclInfo.Permission)))
}
}
func (a aclRestful) restCheckPermission(request *restful.Request, response *restful.Response) {
a1, aclInfo, err := a.getResourceAclData(request, response)
if err != nil {
a.setError(response, http.StatusNotFound, err)
return
}
if a1 == nil {
a.setError(response, http.StatusNotFound, err)
return
}
ok := false
status := http.StatusOK
if a1 != nil && aclInfo != nil {
ok = acl.CheckUserPermission(a.st.UsersList, aclInfo.UserName, aclInfo.ResourceName, acl.Permission(aclInfo.Permission))
}
str := fmt.Sprintf("Permission '%v' is allowed", aclInfo.Permission)
if ok == false {
str = fmt.Sprintf("Permission '%v' doesn't allowed", aclInfo.Permission)
status = http.StatusNotFound
}
res := cr.Match{Match: ok, Message: str}
response.WriteHeader(status)
response.WriteEntity(res)
}