// AddPermissionToEntity : Add the given permission to the given resource for the given entity func (a *Acl) AddPermissionToEntity(el *en.EntityManager, entityName string, permission en.Permission) error { lock.Lock() defer lock.Unlock() if el == nil { return fmt.Errorf("entityManager is nil") } err := en.IsEntityNameValid(entityName) if err != nil { return err } if el.IsEntityInList(entityName) == false { return fmt.Errorf("Cannot add permission to entity '%v': It is not in the entity list", entityName) } if el.IsPermissionInList(permission) == false { return fmt.Errorf("Cannot add permission '%v' to entity '%v': It is not in the permissions list, please add it first", permission, entityName) } e, exist := a.Permissions[entityName] if exist == false { e, _ = NewEntry(entityName) } logger.Trace.Println("Add permission:", permission, "to:", entityName) _, err = e.AddPermission(permission) a.Permissions[entityName] = e return err }
// GetUserPermissions : Get all the permissions of a given user to a given resource- // return the user's list of permissions to the given resource // The permissions may be listed as the user's permissions, permissions to groups // in which the user is a member or permissions that are given to 'all' func GetUserPermissions(el *en.EntityManager, userName string, resourceName string) (PermissionsMap, error) { lock.Lock() defer lock.Unlock() if el == nil { return nil, fmt.Errorf("entityManager is nil") } err := en.IsEntityNameValid(userName) if err != nil { return nil, err } err = en.IsEntityNameValid(resourceName) if err != nil { return nil, err } if el.IsEntityInList(userName) == false { return nil, fmt.Errorf("Entity %q is not in the entity manager", userName) } permissions := make(PermissionsMap) data, err := el.GetPropertyAttachedToEntity(resourceName, defs.AclPropertyName) if err != nil { return nil, fmt.Errorf("Resource '%v' does not have an ACL property", resourceName) } acl, ok := data.(*Acl) if ok == false { return nil, fmt.Errorf("Resource '%v' ACL property is in the wrong type", resourceName) } for name, p := range acl.Permissions { if name == userName || name == defs.AclAllEntryName || el.IsUserPartOfAGroup(name, userName) { for permission := range p.Permissions { permissions[permission] = "" } } } logger.Trace.Println("The permissions of:", userName, "are:", permissions) return permissions, nil }