//GetSchema returns the schema filtered and trimmed for a specific user or nil when the user shouldn't see it at all func GetSchema(s *schema.Schema, authorization schema.Authorization) (result *schema.Resource, err error) { manager := schema.GetManager() metaschema, _ := manager.Schema("schema") policy, _ := manager.PolicyValidate("read", s.GetPluralURL(), authorization) if policy == nil { return } if s.IsAbstract() { return } rawSchema := s.JSON() filteredSchema := util.ExtendMap(nil, s.JSONSchema) rawSchema["schema"] = filteredSchema schemaProperties, schemaPropertiesOrder, schemaRequired := policy.FilterSchema( util.MaybeMap(s.JSONSchema["properties"]), util.MaybeStringList(s.JSONSchema["propertiesOrder"]), util.MaybeStringList(s.JSONSchema["required"])) filteredSchema["properties"] = schemaProperties filteredSchema["propertiesOrder"] = schemaPropertiesOrder filteredSchema["required"] = schemaRequired result, err = schema.NewResource(metaschema, rawSchema) if err != nil { log.Warning("%s %s", result, err) return } return }
// GetMultipleResources returns all resources specified by the schema and query parameters func GetMultipleResources(context middleware.Context, dataStore db.DB, resourceSchema *schema.Schema, queryParameters map[string][]string) error { log.Debug("Start get multiple resources!!") auth := context["auth"].(schema.Authorization) policy, err := loadPolicy(context, "read", resourceSchema.GetPluralURL(), auth) if err != nil { return err } filter := FilterFromQueryParameter(resourceSchema, queryParameters) if policy.RequireOwner() { filter["tenant_id"] = policy.GetTenantIDFilter(schema.ActionRead, auth.TenantID()) } filter = policy.RemoveHiddenProperty(filter) paginator, err := pagination.FromURLQuery(resourceSchema, queryParameters) if err != nil { return ResourceError{err, err.Error(), WrongQuery} } context["policy"] = policy environmentManager := extension.GetManager() environment, ok := environmentManager.GetEnvironment(resourceSchema.ID) if !ok { return fmt.Errorf("No environment for schema") } if err := extension.HandleEvent(context, environment, "pre_list"); err != nil { return err } if rawResponse, ok := context["response"]; ok { if _, ok := rawResponse.(map[string]interface{}); ok { return nil } return fmt.Errorf("extension returned invalid JSON: %v", rawResponse) } if err := GetResources(context, dataStore, resourceSchema, filter, paginator); err != nil { return err } if err := extension.HandleEvent(context, environment, "post_list"); err != nil { return err } if err := ApplyPolicyForResources(context, resourceSchema); err != nil { return err } return nil }
//GetSchema returns the schema filtered and trimmed for a specific user or nil when the user shouldn't see it at all func GetSchema(s *schema.Schema, authorization schema.Authorization) (result *schema.Resource, err error) { manager := schema.GetManager() metaschema, _ := manager.Schema("schema") policy, _ := manager.PolicyValidate("read", s.GetPluralURL(), authorization) if policy == nil { return } originalRawSchema := s.RawData.(map[string]interface{}) rawSchema := map[string]interface{}{} for key, value := range originalRawSchema { rawSchema[key] = value } originalSchema := originalRawSchema["schema"].(map[string]interface{}) schemaSchema := map[string]interface{}{} for key, value := range originalSchema { schemaSchema[key] = value } rawSchema["schema"] = schemaSchema originalProperties := originalSchema["properties"].(map[string]interface{}) schemaProperties := map[string]interface{}{} for key, value := range originalProperties { schemaProperties[key] = value } var schemaPropertiesOrder []interface{} if _, ok := originalSchema["propertiesOrder"]; ok { originalPropertiesOrder := originalSchema["propertiesOrder"].([]interface{}) for _, value := range originalPropertiesOrder { schemaPropertiesOrder = append(schemaPropertiesOrder, value) } } var schemaRequired []interface{} if _, ok := originalSchema["required"]; ok { originalRequired := originalSchema["required"].([]interface{}) for _, value := range originalRequired { schemaRequired = append(schemaRequired, value) } } schemaProperties, schemaPropertiesOrder, schemaRequired = policy.MetaFilter(schemaProperties, schemaPropertiesOrder, schemaRequired) schemaSchema["properties"] = schemaProperties schemaSchema["propertiesOrder"] = schemaPropertiesOrder schemaSchema["required"] = schemaRequired result, err = schema.NewResource(metaschema, rawSchema) if err != nil { log.Warning("%s %s", result, err) return } return }
// CreateResource creates the resource specified by the schema and dataMap func CreateResource( context middleware.Context, dataStore db.DB, identityService middleware.IdentityService, resourceSchema *schema.Schema, dataMap map[string]interface{}, ) error { manager := schema.GetManager() // Load environment environmentManager := extension.GetManager() environment, ok := environmentManager.GetEnvironment(resourceSchema.ID) if !ok { return fmt.Errorf("No environment for schema") } auth := context["auth"].(schema.Authorization) //LoadPolicy policy, err := loadPolicy(context, "create", resourceSchema.GetPluralURL(), auth) if err != nil { return err } _, err = resourceSchema.GetPropertyByID("tenant_id") if _, ok := dataMap["tenant_id"]; err == nil && !ok { dataMap["tenant_id"] = context["tenant_id"] } if tenantID, ok := dataMap["tenant_id"]; ok && tenantID != nil { dataMap["tenant_name"], err = identityService.GetTenantName(tenantID.(string)) if err != nil { return ResourceError{err, err.Error(), Unauthorized} } } //Apply policy for api input err = policy.Check(schema.ActionCreate, auth, dataMap) if err != nil { return ResourceError{err, err.Error(), Unauthorized} } delete(dataMap, "tenant_name") // apply property filter err = policy.ApplyPropertyConditionFilter(schema.ActionCreate, dataMap, nil) if err != nil { return ResourceError{err, err.Error(), Unauthorized} } context["resource"] = dataMap if id, ok := dataMap["id"]; !ok || id == "" { dataMap["id"] = uuid.NewV4().String() } context["id"] = dataMap["id"] if err := extension.HandleEvent(context, environment, "pre_create"); err != nil { return err } if resourceData, ok := context["resource"].(map[string]interface{}); ok { dataMap = resourceData } //Validation err = resourceSchema.ValidateOnCreate(dataMap) if err != nil { return ResourceError{err, fmt.Sprintf("Validation error: %s", err), WrongData} } resource, err := manager.LoadResource(resourceSchema.ID, dataMap) if err != nil { return err } //Fillup default err = resource.PopulateDefaults() if err != nil { return err } context["resource"] = resource.Data() if err := InTransaction( context, dataStore, transaction.GetIsolationLevel(resourceSchema, schema.ActionCreate), func() error { return CreateResourceInTransaction(context, resource) }, ); err != nil { return err } if err := extension.HandleEvent(context, environment, "post_create"); err != nil { return err } if err := ApplyPolicyForResource(context, resourceSchema); err != nil { return ResourceError{err, "", Unauthorized} } return nil }
//MapRouteBySchema setup api route by schema func MapRouteBySchema(server *Server, dataStore db.DB, s *schema.Schema) { if s.IsAbstract() { return } route := server.martini singleURL := s.GetSingleURL() pluralURL := s.GetPluralURL() singleURLWithParents := s.GetSingleURLWithParents() pluralURLWithParents := s.GetPluralURLWithParents() //load extension environments environmentManager := extension.GetManager() if _, ok := environmentManager.GetEnvironment(s.ID); !ok { env, err := server.NewEnvironmentForPath(s.ID, pluralURL) if err != nil { log.Fatal(fmt.Sprintf("[%s] %v", pluralURL, err)) } environmentManager.RegisterEnvironment(s.ID, env) } log.Debug("[Plural Path] %s", pluralURL) log.Debug("[Singular Path] %s", singleURL) log.Debug("[Plural Path With Parents] %s", pluralURLWithParents) log.Debug("[Singular Path With Parents] %s", singleURLWithParents) //setup list route getPluralFunc := func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) { addJSONContentTypeHeader(w) fillInContext(context, dataStore, r, w, s, p, server.sync, identityService, server.queue) if err := resources.GetMultipleResources(context, dataStore, s, r.URL.Query()); err != nil { handleError(w, err) return } w.Header().Add("X-Total-Count", fmt.Sprint(context["total"])) routes.ServeJson(w, context["response"]) } route.Get(pluralURL, middleware.Authorization(schema.ActionRead), getPluralFunc) route.Get(pluralURLWithParents, middleware.Authorization(schema.ActionRead), func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) { addParamToQuery(r, schema.FormatParentID(s.Parent), p[s.Parent]) getPluralFunc(w, r, p, identityService, context) }) //setup show route getSingleFunc := func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) { addJSONContentTypeHeader(w) fillInContext(context, dataStore, r, w, s, p, server.sync, identityService, server.queue) id := p["id"] if err := resources.GetSingleResource(context, dataStore, s, id); err != nil { handleError(w, err) return } routes.ServeJson(w, context["response"]) } route.Get(singleURL, middleware.Authorization(schema.ActionRead), getSingleFunc) route.Get(singleURLWithParents, middleware.Authorization(schema.ActionRead), func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) { addParamToQuery(r, schema.FormatParentID(s.Parent), p[s.Parent]) getSingleFunc(w, r, p, identityService, context) }) //setup delete route deleteSingleFunc := func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) { addJSONContentTypeHeader(w) fillInContext(context, dataStore, r, w, s, p, server.sync, identityService, server.queue) id := p["id"] if err := resources.DeleteResource(context, dataStore, s, id); err != nil { handleError(w, err) return } w.WriteHeader(http.StatusNoContent) } route.Delete(singleURL, middleware.Authorization(schema.ActionDelete), deleteSingleFunc) route.Delete(singleURLWithParents, middleware.Authorization(schema.ActionDelete), func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) { addParamToQuery(r, schema.FormatParentID(s.Parent), p[s.Parent]) deleteSingleFunc(w, r, p, identityService, context) }) //setup create route postPluralFunc := func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) { addJSONContentTypeHeader(w) fillInContext(context, dataStore, r, w, s, p, server.sync, identityService, server.queue) dataMap, err := middleware.ReadJSON(r) if err != nil { handleError(w, resources.NewResourceError(err, fmt.Sprintf("Failed to parse data: %s", err), resources.WrongData)) return } dataMap = removeResourceWrapper(s, dataMap) if s.Parent != "" { if _, ok := dataMap[s.ParentID()]; !ok { queryParams := r.URL.Query() parentIDParam := queryParams.Get(s.ParentID()) if parentIDParam != "" { dataMap[s.ParentID()] = parentIDParam } } } if err := resources.CreateResource(context, dataStore, identityService, s, dataMap); err != nil { handleError(w, err) return } w.WriteHeader(http.StatusCreated) routes.ServeJson(w, context["response"]) } route.Post(pluralURL, middleware.Authorization(schema.ActionCreate), postPluralFunc) route.Post(pluralURLWithParents, middleware.Authorization(schema.ActionCreate), func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) { addParamToQuery(r, schema.FormatParentID(s.Parent), p[s.Parent]) postPluralFunc(w, r, p, identityService, context) }) //setup create or update route putSingleFunc := func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) { addJSONContentTypeHeader(w) fillInContext(context, dataStore, r, w, s, p, server.sync, identityService, server.queue) id := p["id"] dataMap, err := middleware.ReadJSON(r) if err != nil { handleError(w, resources.NewResourceError(err, fmt.Sprintf("Failed to parse data: %s", err), resources.WrongData)) return } dataMap = removeResourceWrapper(s, dataMap) if isCreated, err := resources.CreateOrUpdateResource( context, dataStore, identityService, s, id, dataMap); err != nil { handleError(w, err) return } else if isCreated { w.WriteHeader(http.StatusCreated) } routes.ServeJson(w, context["response"]) } route.Put(singleURL, middleware.Authorization(schema.ActionUpdate), putSingleFunc) route.Put(singleURLWithParents, middleware.Authorization(schema.ActionUpdate), func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) { addParamToQuery(r, schema.FormatParentID(s.Parent), p[s.Parent]) putSingleFunc(w, r, p, identityService, context) }) //setup update route patchSingleFunc := func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) { addJSONContentTypeHeader(w) fillInContext(context, dataStore, r, w, s, p, server.sync, identityService, server.queue) id := p["id"] dataMap, err := middleware.ReadJSON(r) if err != nil { handleError(w, resources.NewResourceError(err, fmt.Sprintf("Failed to parse data: %s", err), resources.WrongData)) return } dataMap = removeResourceWrapper(s, dataMap) if err := resources.UpdateResource( context, dataStore, identityService, s, id, dataMap); err != nil { handleError(w, err) return } routes.ServeJson(w, context["response"]) } route.Patch(singleURL, middleware.Authorization(schema.ActionUpdate), patchSingleFunc) route.Patch(singleURLWithParents, middleware.Authorization(schema.ActionUpdate), func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) { addParamToQuery(r, schema.FormatParentID(s.Parent), p[s.Parent]) patchSingleFunc(w, r, p, identityService, context) }) //Custom action support for _, actionExt := range s.Actions { action := actionExt ActionFunc := func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, auth schema.Authorization, context middleware.Context) { addJSONContentTypeHeader(w) fillInContext(context, dataStore, r, w, s, p, server.sync, identityService, server.queue) id := p["id"] input := make(map[string]interface{}) if action.InputSchema != nil { var err error input, err = middleware.ReadJSON(r) if err != nil { handleError(w, resources.NewResourceError(err, fmt.Sprintf("Failed to parse data: %s", err), resources.WrongData)) return } } // TODO use authorization middleware manager := schema.GetManager() path := r.URL.Path policy, role := manager.PolicyValidate(action.ID, path, auth) if policy == nil { middleware.HTTPJSONError(w, fmt.Sprintf("No matching policy: %s %s %s", action, path, s.Actions), http.StatusUnauthorized) return } context["policy"] = policy context["tenant_id"] = auth.TenantID() context["auth_token"] = auth.AuthToken() context["role"] = role context["catalog"] = auth.Catalog() context["auth"] = auth if err := resources.ActionResource( context, dataStore, identityService, s, action, id, input); err != nil { handleError(w, err) return } routes.ServeJson(w, context["response"]) } route.AddRoute(action.Method, s.GetActionURL(action.Path), ActionFunc) } }
"shared": false, } subnet1 = map[string]interface{}{ "id": "test3", "name": "Minas Tirith", "tenant_id": adminTenantID, "cidr": "10.10.0.0/16", } }) JustBeforeEach(func() { var ok bool currentSchema, ok = manager.Schema(schemaID) Expect(ok).To(BeTrue()) path = currentSchema.GetPluralURL() policy, role := manager.PolicyValidate(action, path, auth) Expect(policy).NotTo(BeNil()) context["policy"] = policy context["role"] = role context["tenant_id"] = auth.TenantID() context["tenant_name"] = auth.TenantName() context["auth_token"] = auth.AuthToken() context["catalog"] = auth.Catalog() context["auth"] = auth context["identity_service"] = &middleware.FakeIdentity{} env = otto.NewEnvironment(testDB, &middleware.FakeIdentity{}) environmentManager.RegisterEnvironment(schemaID, env) extensions = []*schema.Extension{}