func (h *Handler) Create(ctx context.Context, rw http.ResponseWriter, req *http.Request) {
var p DefaultPolicy
decoder := json.NewDecoder(req.Body)
if err := decoder.Decode(&p); err != nil {
http.Error(rw, err.Error(), http.StatusBadRequest)
return
}
p.ID = uuid.New()
if err := h.s.Create(&p); err != nil {
http.Error(rw, err.Error(), http.StatusInternalServerError)
return
}
pkg.WriteJSON(rw, p)
}
func (h *Handler) Get(ctx context.Context, rw http.ResponseWriter, req *http.Request) {
id, ok := mux.Vars(req)["id"]
if !ok {
http.Error(rw, "No id given.", http.StatusBadRequest)
return
}
h.m.IsAuthorized(permission(id), "get", nil)(hctx.ContextHandlerFunc(
func(ctx context.Context, rw http.ResponseWriter, req *http.Request) {
policy, err := h.s.Get(id)
if err != nil {
http.NotFound(rw, req)
}
pkg.WriteJSON(rw, policy)
},
))
}
func (h *Handler) Granted(ctx context.Context, rw http.ResponseWriter, req *http.Request) {
var p struct {
Resource string `json:"string"`
Subject string `json:"subject"`
Permission string `json:"permission"`
Context *operator.Context `json:"context"`
}
decoder := json.NewDecoder(req.Body)
if err := decoder.Decode(&p); err != nil {
http.Error(rw, err.Error(), http.StatusBadRequest)
return
}
policies, err := h.s.FindPoliciesForSubject(p.Subject)
if err != nil {
log.WithFields(log.Fields{
"error": err.Error(),
"resource": p.Resource,
"permission": p.Permission,
"subject": p.Subject,
"context": fmt.Sprintf("%s", p.Context),
})
http.Error(rw, err.Error(), http.StatusInternalServerError)
return
}
allowed, err := h.g.IsGranted(p.Resource, p.Permission, p.Subject, policies, p.Context)
if err != nil {
log.WithFields(log.Fields{
"error": err.Error(),
"resource": p.Resource,
"permission": p.Permission,
"subject": p.Subject,
"policies": fmt.Sprintf("%s", policies),
"context": fmt.Sprintf("%s", p.Context),
})
http.Error(rw, err.Error(), http.StatusInternalServerError)
return
}
pkg.WriteJSON(rw, struct {
Allowed bool `json:"allowed"`
}{Allowed: allowed})
}
