예제 #1
파일: event.go 프로젝트: tsuru/tsuru
// title: event list
// path: /events
// method: GET
// produce: application/json
// responses:
//   200: OK
//   204: No content
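func eventList(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	// Decodes event filter fields from the request form, attaches the
	// permissions of token t to the filter, and writes the events returned by
	// event.List as JSON. Responds 204 when the list is empty.
	//
	// A form that fails to parse is rejected with 400 instead of being
	// decoded as whatever partial values ParseForm managed to collect.
	if err := r.ParseForm(); err != nil {
		return &errors.HTTP{Code: http.StatusBadRequest, Message: fmt.Sprintf("unable to parse event filters: %s", err)}
	}
	filter := &event.Filter{}
	dec := form.NewDecoder(nil)
	dec.IgnoreUnknownKeys(true)
	dec.IgnoreCase(true)
	err := dec.DecodeValues(&filter, r.Form)
	if err != nil {
		return &errors.HTTP{Code: http.StatusBadRequest, Message: fmt.Sprintf("unable to parse event filters: %s", err)}
	}
	// Order matters: the filter is pruned after decoding and only then given
	// its permission list, which comes from the authenticated token and never
	// from the request form.
	// NOTE(review): PruneUserValues is defined elsewhere; confirm it resets
	// every filter field a client must not be able to set.
	filter.PruneUserValues()
	filter.Permissions, err = t.Permissions()
	if err != nil {
		return err
	}
	events, err := event.List(filter)
	if err != nil {
		return err
	}
	if len(events) == 0 {
		w.WriteHeader(http.StatusNoContent)
		return nil
	}
	w.Header().Add("Content-Type", "application/json")
	return json.NewEncoder(w).Encode(events)
}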
예제 #2
파일: permission.go 프로젝트: tsuru/tsuru
// canUseRole checks that token t already holds every permission the role
// named roleName yields for contextValue.
//
// It returns a 404 errors.HTTP when the role does not exist, a 403
// errors.HTTP naming the first permission the token lacks, any other lookup
// error unchanged, and nil when all permissions are held. Requiring the
// caller to hold each permission itself keeps a role from being used to reach
// permissions beyond the caller's own.
func canUseRole(t auth.Token, roleName, contextValue string) error {
	role, err := permission.FindRole(roleName)
	switch {
	case err == nil:
		// Role found; continue with the permission comparison below.
	case err == permission.ErrRoleNotFound:
		return &errors.HTTP{
			Code:    http.StatusNotFound,
			Message: err.Error(),
		}
	default:
		return err
	}
	held, err := t.Permissions()
	if err != nil {
		return err
	}
	for _, wanted := range role.PermissionsFor(contextValue) {
		if permission.CheckFromPermList(held, wanted.Scheme, wanted.Context) {
			continue
		}
		// Fail closed on the first permission the caller does not hold.
		return &errors.HTTP{
			Code:    http.StatusForbidden,
			Message: fmt.Sprintf("User not authorized to use permission %s", wanted.String()),
		}
	}
	return nil
}
예제 #3
파일: auth.go 프로젝트: zhenruyan/tsuru
// teamList writes, as JSON, every team for which token t passes at least one
// team-context permission check, along with the full names of the permissions
// that passed. It responds 204 when no team qualifies.
func teamList(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	rec.Log(t.GetUserName(), "list-teams")
	teamSchemes := permission.PermissionRegistry.PermissionsWithContextType(permission.CtxTeam)
	teams, err := auth.ListTeams()
	if err != nil {
		return err
	}
	grantedByTeam := make(map[string][]string)
	held, err := t.Permissions()
	if err != nil {
		return err
	}
	for _, team := range teams {
		ctx := permission.Context(permission.CtxTeam, team.Name)
		// lastGranted is the most recently granted scheme; schemes it is a
		// parent of are skipped so they are not listed again.
		// NOTE(review): this presumably relies on the registry returning
		// parents before their children — confirm.
		var lastGranted *permission.PermissionScheme
		for _, scheme := range teamSchemes {
			if lastGranted != nil && lastGranted.IsParent(scheme) {
				continue
			}
			if !permission.CheckFromPermList(held, scheme, ctx) {
				continue
			}
			lastGranted = scheme
			grantedByTeam[team.Name] = append(grantedByTeam[team.Name], scheme.FullName())
		}
	}
	// Teams with no granted permission never enter the map, so they are not
	// disclosed to the caller.
	if len(grantedByTeam) == 0 {
		w.WriteHeader(http.StatusNoContent)
		return nil
	}
	payload := make([]map[string]interface{}, 0, len(grantedByTeam))
	for teamName, names := range grantedByTeam {
		entry := map[string]interface{}{
			"name":        teamName,
			"permissions": names,
		}
		payload = append(payload, entry)
	}
	w.Header().Set("Content-Type", "application/json")
	body, err := json.Marshal(payload)
	if err != nil {
		return err
	}
	written, err := w.Write(body)
	if err != nil {
		return err
	}
	if written == len(body) {
		return nil
	}
	return &errors.HTTP{Code: http.StatusInternalServerError, Message: "Failed to write response body."}
}
예제 #4
파일: auth.go 프로젝트: zhenruyan/tsuru
// userInfo writes the JSON representation of the user behind token t.
//
// Both the user and the permission list are taken from the token itself; no
// request parameter selects which user is described.
func userInfo(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	owner, err := t.User()
	if err != nil {
		return err
	}
	held, err := t.Permissions()
	if err != nil {
		return err
	}
	payload, err := createApiUser(held, owner, nil)
	if err != nil {
		return err
	}
	w.Header().Add("Content-Type", "application/json")
	enc := json.NewEncoder(w)
	return enc.Encode(payload)
}
예제 #5
파일: auth.go 프로젝트: tsuru/tsuru
// title: user list
// path: /users
// method: GET
// produce: application/json
// responses:
//   200: OK
//   401: Unauthorized
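func listUsers(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	// Writes the users visible to token t as a JSON array, optionally
	// narrowed by the "userEmail" and "role" query parameters ("context"
	// further narrows a role match). A user is listed when it matches either
	// filter, and is listed once even when it matches both; previously such a
	// user was appended twice.
	query := r.URL.Query()
	userEmail := query.Get("userEmail")
	roleName := query.Get("role")
	contextValue := query.Get("context")
	users, err := auth.ListUsers()
	if err != nil {
		return err
	}
	apiUsers := make([]apiUser, 0, len(users))
	roleMap := make(map[string]*permission.Role)
	includeAll := permission.Check(t, permission.PermUserUpdate)
	perms, err := t.Permissions()
	if err != nil {
		return err
	}
	for _, user := range users {
		usrData, err := createAPIUser(perms, &user, roleMap, includeAll)
		if err != nil {
			return err
		}
		// createAPIUser can return nil data without an error; that user is
		// left out of the response.
		// NOTE(review): presumably a user the caller may not see — confirm
		// in createAPIUser, since this is the only visibility gate here.
		if usrData == nil {
			continue
		}
		// No filters at all means every visible user matches.
		matched := userEmail == "" && roleName == ""
		if userEmail != "" && usrData.Email == userEmail {
			matched = true
		}
		if !matched && roleName != "" {
			for _, role := range usrData.Roles {
				if role.Name != roleName {
					continue
				}
				// An empty context matches the role in any context.
				if contextValue == "" || role.ContextValue == contextValue {
					matched = true
					break
				}
			}
		}
		if matched {
			apiUsers = append(apiUsers, *usrData)
		}
	}
	w.Header().Add("Content-Type", "application/json")
	return json.NewEncoder(w).Encode(apiUsers)
}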
예제 #6
파일: auth.go 프로젝트: zhenruyan/tsuru
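// listUsers writes the users visible to token t as a JSON array.
//
// The response now declares Content-Type: application/json. Without it
// net/http sniffs the body and labels the JSON with a guessed type.
func listUsers(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	users, err := auth.ListUsers()
	if err != nil {
		return err
	}
	apiUsers := make([]apiUser, 0, len(users))
	roleMap := make(map[string]*permission.Role)
	perms, err := t.Permissions()
	if err != nil {
		return err
	}
	for _, user := range users {
		usrData, err := createApiUser(perms, &user, roleMap)
		if err != nil {
			return err
		}
		// createApiUser can return nil data without an error; that user is
		// left out of the response.
		// NOTE(review): presumably a user the caller may not see — confirm
		// in createApiUser, since this is the only visibility gate here.
		if usrData != nil {
			apiUsers = append(apiUsers, *usrData)
		}
	}
	w.Header().Set("Content-Type", "application/json")
	return json.NewEncoder(w).Encode(apiUsers)
}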
예제 #7
파일: auth.go 프로젝트: tsuru/tsuru
// title: team list
// path: /teams
// method: GET
// produce: application/json
// responses:
//   200: List teams
//   204: No content
//   401: Unauthorized
func teamList(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	// Writes, as JSON, every team for which token t passes at least one
	// team-context permission check, along with the full names of the
	// permissions that passed. Responds 204 when no team qualifies.
	teamSchemes := permission.PermissionRegistry.PermissionsWithContextType(permission.CtxTeam)
	teams, err := auth.ListTeams()
	if err != nil {
		return err
	}
	grantedByTeam := make(map[string][]string)
	held, err := t.Permissions()
	if err != nil {
		return err
	}
	for _, team := range teams {
		ctx := permission.Context(permission.CtxTeam, team.Name)
		// lastGranted is the most recently granted scheme; schemes it is a
		// parent of are skipped so they are not listed again.
		// NOTE(review): this presumably relies on the registry returning
		// parents before their children — confirm.
		var lastGranted *permission.PermissionScheme
		for _, scheme := range teamSchemes {
			if lastGranted != nil && lastGranted.IsParent(scheme) {
				continue
			}
			if !permission.CheckFromPermList(held, scheme, ctx) {
				continue
			}
			lastGranted = scheme
			grantedByTeam[team.Name] = append(grantedByTeam[team.Name], scheme.FullName())
		}
	}
	// Teams with no granted permission never enter the map, so they are not
	// disclosed to the caller.
	if len(grantedByTeam) == 0 {
		w.WriteHeader(http.StatusNoContent)
		return nil
	}
	payload := make([]map[string]interface{}, 0, len(grantedByTeam))
	for teamName, names := range grantedByTeam {
		entry := map[string]interface{}{
			"name":        teamName,
			"permissions": names,
		}
		payload = append(payload, entry)
	}
	w.Header().Set("Content-Type", "application/json")
	enc := json.NewEncoder(w)
	return enc.Encode(payload)
}