// Recomputes the set of channels a User/Role has been granted access to by sync() functions. // This is part of the ChannelComputer interface defined by the Authenticator. func (context *DatabaseContext) ComputeChannelsForPrincipal(princ auth.Principal) (channels.TimedSet, error) { key := princ.Name() if _, ok := princ.(auth.User); !ok { key = "role:" + key // Roles are identified in access view by a "role:" prefix } var vres struct { Rows []struct { Value channels.TimedSet } } opts := map[string]interface{}{"stale": false, "key": key} if verr := context.Bucket.ViewCustom(DesignDocSyncGateway, ViewAccess, opts, &vres); verr != nil { return nil, verr } channelSet := channels.TimedSet{} for _, row := range vres.Rows { channelSet.Add(row.Value) } return channelSet, nil }
// Recomputes the set of roles a User has been granted access to by sync() functions. // This is part of the ChannelComputer interface defined by the Authenticator. func (context *DatabaseContext) ComputeRolesForUser(user auth.User) (channels.TimedSet, error) { var vres struct { Rows []struct { Value channels.TimedSet } } opts := map[string]interface{}{"stale": false, "key": user.Name()} if verr := context.Bucket.ViewCustom(DesignDocSyncGateway, ViewRoleAccess, opts, &vres); verr != nil { return nil, verr } // Merge the TimedSets from the view result: var result channels.TimedSet for _, row := range vres.Rows { if result == nil { result = row.Value } else { result.Add(row.Value) } } return result, nil }
func (auth *Authenticator) rebuildRoles(user User) error { var roles ch.TimedSet if auth.channelComputer != nil { var err error roles, err = auth.channelComputer.ComputeRolesForUser(user) if err != nil { base.Warn("channelComputer.ComputeRolesForUser failed on user %s: %v", user.Name(), err) return err } } if roles == nil { roles = ch.TimedSet{} // it mustn't be nil; nil means it's unknown } if explicit := user.ExplicitRoles(); explicit != nil { roles.Add(explicit) } base.LogTo("Access", "Computed roles for %q: %s", user.Name(), roles) user.setRolesSince(roles) return nil }