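// Roles writes, as JSON, the roles the authz provider reports for the bearer
// token presented in the Authorization header.
//
// The handler only extracts the credential; it performs no validation itself.
// NOTE(review): this assumes GetRoles verifies the token before trusting the
// username inside it. Confirm that in the authz package. A request without a
// "Bearer " credential is passed on as the empty token, so GetRoles must
// also treat "" as unauthenticated.
func Roles(w http.ResponseWriter, r *http.Request) {
	// TrimPrefix keeps the whole credential. Splitting on "Bearer " would cut
	// the token short if that text occurred again later in the header value.
	var token string
	if h := r.Header.Get("Authorization"); strings.HasPrefix(h, "Bearer ") {
		token = strings.TrimPrefix(h, "Bearer ")
	}

	// Encode before committing the status line, so an encoding failure is
	// reported as a 500 instead of panicking after a 200 has been sent.
	// NOTE(review): log err here if a package logger is available in this file.
	body, err := json.Marshal(authz.GetProvider().GetRoles(token))
	if err != nil {
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}

	w.Header().Set("Content-Type", "application/json; charset=UTF-8")
	w.WriteHeader(http.StatusOK)
	// The trailing newline matches what json.Encoder emitted before. A failed
	// write means the client has gone away, so the error is deliberately
	// dropped rather than turned into a panic.
	_, _ = w.Write(append(body, '\n'))
}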
// NewRouter builds the mux router from the routes collection.
//
// For each route it registers the (role, method, pattern) restriction with the
// authz provider and then wraps the route's handler, innermost first, in
// telemetry, logging and the permission handler.
func NewRouter() *mux.Router {
	r := mux.NewRouter().StrictSlash(true)

	for _, rt := range routes {
		// Register the restriction before the route is mounted.
		authz.GetProvider().AddRestriction(rt.Role, rt.Method, rt.Pattern)

		// Each wrapper encloses the previous one, so PermissionHandler ends up
		// outermost and sees the request first.
		// NOTE(review): if PermissionHandler rejects without calling the next
		// handler, denied requests never reach LoggingHandler or telemetry.
		// Confirm that denials are recorded somewhere.
		var h http.Handler = rt.HandlerFunc
		h = util.NewTelemetry(h, rt.Name)
		h = util.LoggingHandler(h, log)
		h = authz.PermissionHandler(h)

		r.Methods(rt.Method).Path(rt.Pattern).Name(rt.Name).Handler(h)
		log.Debugf("Added route %s", rt.String())
	}

	return r
}
import (
	"authz"
	"fox"
	. "github.com/onsi/ginkgo"
	. "github.com/onsi/gomega"
	"util"
)

// Ginkgo spec for the authz provider: loads the test configuration, builds the
// router, then queries the provider directly.
var _ = Describe("Authz", func() {
	var provider authz.Provider

	BeforeEach(func() {
		util.LoadConfigByName("test_config")
		// The returned router is discarded.
		// NOTE(review): presumably it is built only so that the route
		// restrictions get registered with the provider. Confirm this.
		fox.NewRouter()
		provider = authz.GetProvider()
	})

	Describe("Authorization querys", func() {
		BeforeEach(func() {
		})

		// NOTE(review): only the allow path is exercised. Deny-path cases
		// (unknown user, known user without the role, wrong method) are the
		// ones that catch a provider that fails open; the values to use
		// depend on test_config.
		Context("User exists and has rights", func() {
			It("Should return true", func() {
				Expect(provider.IsAuthorized("fantasticmrfox", "GET", "/fox/foxes/{foxId}")).To(Equal(true))
			})
		})
	})
})