Golang CheckUserAccessの例

コード例 #1

ファイル: app.go プロジェクト: bardusco/tsuru

func getServiceInstace(instanceName, appName string, u *auth.User) (service.ServiceInstance, app.App, error) {
	var app app.App
	conn, err := db.Conn()
	if err != nil {
		return service.ServiceInstance{}, app, err
	}
	defer conn.Close()
	instance, err := service.GetInstance(instanceName)
	if err != nil {
		err = &errors.Http{Code: http.StatusNotFound, Message: "Instance not found"}
		return instance, app, err
	}
	if !auth.CheckUserAccess(instance.Teams, u) {
		err = &errors.Http{Code: http.StatusForbidden, Message: "This user does not have access to this instance"}
		return instance, app, err
	}
	err = conn.Apps().Find(bson.M{"name": appName}).One(&app)
	if err != nil {
		err = &errors.Http{Code: http.StatusNotFound, Message: fmt.Sprintf("App %s not found.", appName)}
		return instance, app, err
	}
	if !auth.CheckUserAccess(app.Teams, u) {
		err = &errors.Http{Code: http.StatusForbidden, Message: "This user does not have access to this app"}
		return instance, app, err
	}
	return instance, app, nil
}

コード例 #2

ファイル: service_consumption.go プロジェクト: bardusco/tsuru

func getServiceInstanceOrError(name string, u *auth.User) (service.ServiceInstance, error) {
	si, err := service.GetInstance(name)
	if err != nil {
		return si, &errors.Http{Code: http.StatusNotFound, Message: "Service instance not found"}
	}
	if !auth.CheckUserAccess(si.Teams, u) {
		msg := "This user does not have access to this service instance"
		return si, &errors.Http{Code: http.StatusForbidden, Message: msg}
	}
	return si, nil
}

コード例 #3

ファイル: service_provision.go プロジェクト: nkts/golang-devops-stuff

func getServiceByOwner(name string, u *auth.User) (service.Service, error) {
	s := service.Service{Name: name}
	err := s.Get()
	if err != nil {
		return s, &errors.HTTP{Code: http.StatusNotFound, Message: "Service not found"}
	}
	if !auth.CheckUserAccess(s.OwnerTeams, u) {
		msg := "This user does not have access to this service"
		return s, &errors.HTTP{Code: http.StatusForbidden, Message: msg}
	}
	return s, err
}

コード例 #4

ファイル: app.go プロジェクト: janqii/tsuru

func getApp(name string, u *auth.User) (app.App, error) {
	a, err := app.GetByName(name)
	if err != nil {
		return app.App{}, &errors.HTTP{Code: http.StatusNotFound, Message: fmt.Sprintf("App %s not found.", name)}
	}
	if u.IsAdmin() {
		return *a, nil
	}
	if !auth.CheckUserAccess(a.Teams, u) {
		return *a, &errors.HTTP{Code: http.StatusForbidden, Message: "User does not have access to this app"}
	}
	return *a, nil
}

コード例 #5

ファイル: service_instance.go プロジェクト: pombredanne/tsuru

func GetServiceInstance(name string, u *auth.User) (*ServiceInstance, error) {
	conn, err := db.Conn()
	if err != nil {
		return nil, err
	}
	defer conn.Close()
	rec.Log(u.Email, "get-service-instance", name)
	var instance ServiceInstance
	err = conn.ServiceInstances().Find(bson.M{"name": name}).One(&instance)
	if err != nil {
		return nil, ErrServiceInstanceNotFound
	}
	if !auth.CheckUserAccess(instance.Teams, u) {
		return nil, ErrAccessNotAllowed
	}
	return &instance, nil
}

コード例 #6

ファイル: service_consumption.go プロジェクト: nedmax/tsuru

func getServiceInstanceOrError(name string, u *auth.User) (service.ServiceInstance, error) {
	var si service.ServiceInstance
	conn, err := db.Conn()
	if err != nil {
		return si, err
	}
	defer conn.Close()
	err = conn.ServiceInstances().Find(bson.M{"name": name}).One(&si)
	if err != nil {
		return si, &errors.Http{Code: http.StatusNotFound, Message: "Service instance not found"}
	}
	if !auth.CheckUserAccess(si.Teams, u) {
		msg := "This user does not have access to this service instance"
		return si, &errors.Http{Code: http.StatusForbidden, Message: msg}
	}
	return si, nil
}

コード例 #7

ファイル: service_provision.go プロジェクト: nkts/golang-devops-stuff

func getServiceAndTeam(serviceName string, teamName string, u *auth.User) (*service.Service, *auth.Team, error) {
	service := &service.Service{Name: serviceName}
	err := service.Get()
	if err != nil {
		return nil, nil, &errors.HTTP{Code: http.StatusNotFound, Message: "Service not found"}
	}
	if !auth.CheckUserAccess(service.Teams, u) {
		msg := "This user does not have access to this service"
		return nil, nil, &errors.HTTP{Code: http.StatusForbidden, Message: msg}
	}
	t := new(auth.Team)
	conn, err := db.Conn()
	if err != nil {
		return nil, nil, err
	}
	err = conn.Teams().Find(bson.M{"_id": teamName}).One(t)
	if err != nil {
		return nil, nil, &errors.HTTP{Code: http.StatusNotFound, Message: "Team not found"}
	}
	return service, t, nil
}