// DeleteResource deletes the resource specified by the schema and ID func DeleteResource(context middleware.Context, dataStore db.DB, resourceSchema *schema.Schema, resourceID string, ) error { context["id"] = resourceID environmentManager := extension.GetManager() environment, ok := environmentManager.GetEnvironment(resourceSchema.ID) if !ok { return fmt.Errorf("No environment for schema") } auth := context["auth"].(schema.Authorization) policy, err := loadPolicy(context, "delete", strings.Replace(resourceSchema.GetSingleURL(), ":id", resourceID, 1), auth) if err != nil { return err } context["policy"] = policy preTransaction, err := dataStore.Begin() if err != nil { return fmt.Errorf("cannot create transaction: %v", err) } tenantIDs := policy.GetTenantIDFilter(schema.ActionDelete, auth.TenantID()) filter := transaction.IDFilter(resourceID) if tenantIDs != nil { filter["tenant_id"] = tenantIDs } resource, fetchErr := preTransaction.Fetch(resourceSchema, filter) preTransaction.Close() if resource != nil { context["resource"] = resource.Data() } if err := extension.HandleEvent(context, environment, "pre_delete"); err != nil { return err } if fetchErr != nil { return ResourceError{err, "", NotFound} } if err := InTransaction( context, dataStore, transaction.GetIsolationLevel(resourceSchema, schema.ActionDelete), func() error { return DeleteResourceInTransaction(context, resourceSchema, resourceID) }, ); err != nil { return err } if err := extension.HandleEvent(context, environment, "post_delete"); err != nil { return err } return nil }
// GetSingleResource returns the resource specified by the schema and ID func GetSingleResource(context middleware.Context, dataStore db.DB, resourceSchema *schema.Schema, resourceID string) error { context["id"] = resourceID auth := context["auth"].(schema.Authorization) policy, err := loadPolicy(context, "read", strings.Replace(resourceSchema.GetSingleURL(), ":id", resourceID, 1), auth) if err != nil { return err } context["policy"] = policy environmentManager := extension.GetManager() environment, ok := environmentManager.GetEnvironment(resourceSchema.ID) if !ok { return fmt.Errorf("No environment for schema") } if err := extension.HandleEvent(context, environment, "pre_show"); err != nil { return err } if rawResponse, ok := context["response"]; ok { if _, ok := rawResponse.(map[string]interface{}); ok { return nil } return fmt.Errorf("extension returned invalid JSON: %v", rawResponse) } if err := InTransaction( context, dataStore, transaction.GetIsolationLevel(resourceSchema, schema.ActionRead), func() error { return GetSingleResourceInTransaction(context, resourceSchema, resourceID, policy.GetTenantIDFilter(schema.ActionRead, auth.TenantID())) }, ); err != nil { return err } if err := extension.HandleEvent(context, environment, "post_show"); err != nil { return err } if err := ApplyPolicyForResource(context, resourceSchema); err != nil { return ResourceError{err, "", NotFound} } return nil }
// CreateOrUpdateResource updates resource if it existed and otherwise creates it and returns true. func CreateOrUpdateResource( context middleware.Context, dataStore db.DB, identityService middleware.IdentityService, resourceSchema *schema.Schema, resourceID string, dataMap map[string]interface{}, ) (bool, error) { auth := context["auth"].(schema.Authorization) //LoadPolicy policy, err := loadPolicy(context, "update", strings.Replace(resourceSchema.GetSingleURL(), ":id", resourceID, 1), auth) if err != nil { return false, err } preTransaction, err := dataStore.Begin() if err != nil { return false, fmt.Errorf("cannot create transaction: %v", err) } tenantIDs := policy.GetTenantIDFilter(schema.ActionUpdate, auth.TenantID()) filter := transaction.IDFilter(resourceID) if tenantIDs != nil { filter["tenant_id"] = tenantIDs } _, fetchErr := preTransaction.Fetch(resourceSchema, filter) preTransaction.Close() if fetchErr != nil { dataMap["id"] = resourceID if err := CreateResource(context, dataStore, identityService, resourceSchema, dataMap); err != nil { return false, err } return true, err } return false, UpdateResource(context, dataStore, identityService, resourceSchema, resourceID, dataMap) }
// UpdateResource updates the resource specified by the schema and ID using the dataMap func UpdateResource( context middleware.Context, dataStore db.DB, identityService middleware.IdentityService, resourceSchema *schema.Schema, resourceID string, dataMap map[string]interface{}, ) error { context["id"] = resourceID //load environment environmentManager := extension.GetManager() environment, ok := environmentManager.GetEnvironment(resourceSchema.ID) if !ok { return fmt.Errorf("No environment for schema") } auth := context["auth"].(schema.Authorization) //load policy policy, err := loadPolicy(context, "update", strings.Replace(resourceSchema.GetSingleURL(), ":id", resourceID, 1), auth) if err != nil { return err } context["policy"] = policy //fillup default values if tenantID, ok := dataMap["tenant_id"]; ok && tenantID != nil { dataMap["tenant_name"], err = identityService.GetTenantName(tenantID.(string)) } if err != nil { return ResourceError{err, err.Error(), Unauthorized} } //check policy err = policy.Check(schema.ActionUpdate, auth, dataMap) delete(dataMap, "tenant_name") if err != nil { return ResourceError{err, err.Error(), Unauthorized} } context["resource"] = dataMap if err := extension.HandleEvent(context, environment, "pre_update"); err != nil { return err } if resourceData, ok := context["resource"].(map[string]interface{}); ok { dataMap = resourceData } if err := InTransaction( context, dataStore, transaction.GetIsolationLevel(resourceSchema, schema.ActionUpdate), func() error { return UpdateResourceInTransaction(context, resourceSchema, resourceID, dataMap, policy.GetTenantIDFilter(schema.ActionUpdate, auth.TenantID())) }, ); err != nil { return err } if err := extension.HandleEvent(context, environment, "post_update"); err != nil { return err } if err := ApplyPolicyForResource(context, resourceSchema); err != nil { return ResourceError{err, "", NotFound} } return nil }
//MapRouteBySchema setup api route by schema func MapRouteBySchema(server *Server, dataStore db.DB, s *schema.Schema) { if s.IsAbstract() { return } route := server.martini singleURL := s.GetSingleURL() pluralURL := s.GetPluralURL() singleURLWithParents := s.GetSingleURLWithParents() pluralURLWithParents := s.GetPluralURLWithParents() //load extension environments environmentManager := extension.GetManager() if _, ok := environmentManager.GetEnvironment(s.ID); !ok { env, err := server.NewEnvironmentForPath(s.ID, pluralURL) if err != nil { log.Fatal(fmt.Sprintf("[%s] %v", pluralURL, err)) } environmentManager.RegisterEnvironment(s.ID, env) } log.Debug("[Plural Path] %s", pluralURL) log.Debug("[Singular Path] %s", singleURL) log.Debug("[Plural Path With Parents] %s", pluralURLWithParents) log.Debug("[Singular Path With Parents] %s", singleURLWithParents) //setup list route getPluralFunc := func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) { addJSONContentTypeHeader(w) fillInContext(context, dataStore, r, w, s, p, server.sync, identityService, server.queue) if err := resources.GetMultipleResources(context, dataStore, s, r.URL.Query()); err != nil { handleError(w, err) return } w.Header().Add("X-Total-Count", fmt.Sprint(context["total"])) routes.ServeJson(w, context["response"]) } route.Get(pluralURL, middleware.Authorization(schema.ActionRead), getPluralFunc) route.Get(pluralURLWithParents, middleware.Authorization(schema.ActionRead), func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) { addParamToQuery(r, schema.FormatParentID(s.Parent), p[s.Parent]) getPluralFunc(w, r, p, identityService, context) }) //setup show route getSingleFunc := func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) { addJSONContentTypeHeader(w) fillInContext(context, dataStore, r, w, s, p, server.sync, identityService, server.queue) id := p["id"] if err := resources.GetSingleResource(context, dataStore, s, id); err != nil { handleError(w, err) return } routes.ServeJson(w, context["response"]) } route.Get(singleURL, middleware.Authorization(schema.ActionRead), getSingleFunc) route.Get(singleURLWithParents, middleware.Authorization(schema.ActionRead), func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) { addParamToQuery(r, schema.FormatParentID(s.Parent), p[s.Parent]) getSingleFunc(w, r, p, identityService, context) }) //setup delete route deleteSingleFunc := func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) { addJSONContentTypeHeader(w) fillInContext(context, dataStore, r, w, s, p, server.sync, identityService, server.queue) id := p["id"] if err := resources.DeleteResource(context, dataStore, s, id); err != nil { handleError(w, err) return } w.WriteHeader(http.StatusNoContent) } route.Delete(singleURL, middleware.Authorization(schema.ActionDelete), deleteSingleFunc) route.Delete(singleURLWithParents, middleware.Authorization(schema.ActionDelete), func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) { addParamToQuery(r, schema.FormatParentID(s.Parent), p[s.Parent]) deleteSingleFunc(w, r, p, identityService, context) }) //setup create route postPluralFunc := func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) { addJSONContentTypeHeader(w) fillInContext(context, dataStore, r, w, s, p, server.sync, identityService, server.queue) dataMap, err := middleware.ReadJSON(r) if err != nil { handleError(w, resources.NewResourceError(err, fmt.Sprintf("Failed to parse data: %s", err), resources.WrongData)) return } dataMap = removeResourceWrapper(s, dataMap) if s.Parent != "" { if _, ok := dataMap[s.ParentID()]; !ok { queryParams := r.URL.Query() parentIDParam := queryParams.Get(s.ParentID()) if parentIDParam != "" { dataMap[s.ParentID()] = parentIDParam } } } if err := resources.CreateResource(context, dataStore, identityService, s, dataMap); err != nil { handleError(w, err) return } w.WriteHeader(http.StatusCreated) routes.ServeJson(w, context["response"]) } route.Post(pluralURL, middleware.Authorization(schema.ActionCreate), postPluralFunc) route.Post(pluralURLWithParents, middleware.Authorization(schema.ActionCreate), func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) { addParamToQuery(r, schema.FormatParentID(s.Parent), p[s.Parent]) postPluralFunc(w, r, p, identityService, context) }) //setup create or update route putSingleFunc := func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) { addJSONContentTypeHeader(w) fillInContext(context, dataStore, r, w, s, p, server.sync, identityService, server.queue) id := p["id"] dataMap, err := middleware.ReadJSON(r) if err != nil { handleError(w, resources.NewResourceError(err, fmt.Sprintf("Failed to parse data: %s", err), resources.WrongData)) return } dataMap = removeResourceWrapper(s, dataMap) if isCreated, err := resources.CreateOrUpdateResource( context, dataStore, identityService, s, id, dataMap); err != nil { handleError(w, err) return } else if isCreated { w.WriteHeader(http.StatusCreated) } routes.ServeJson(w, context["response"]) } route.Put(singleURL, middleware.Authorization(schema.ActionUpdate), putSingleFunc) route.Put(singleURLWithParents, middleware.Authorization(schema.ActionUpdate), func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) { addParamToQuery(r, schema.FormatParentID(s.Parent), p[s.Parent]) putSingleFunc(w, r, p, identityService, context) }) //setup update route patchSingleFunc := func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) { addJSONContentTypeHeader(w) fillInContext(context, dataStore, r, w, s, p, server.sync, identityService, server.queue) id := p["id"] dataMap, err := middleware.ReadJSON(r) if err != nil { handleError(w, resources.NewResourceError(err, fmt.Sprintf("Failed to parse data: %s", err), resources.WrongData)) return } dataMap = removeResourceWrapper(s, dataMap) if err := resources.UpdateResource( context, dataStore, identityService, s, id, dataMap); err != nil { handleError(w, err) return } routes.ServeJson(w, context["response"]) } route.Patch(singleURL, middleware.Authorization(schema.ActionUpdate), patchSingleFunc) route.Patch(singleURLWithParents, middleware.Authorization(schema.ActionUpdate), func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) { addParamToQuery(r, schema.FormatParentID(s.Parent), p[s.Parent]) patchSingleFunc(w, r, p, identityService, context) }) //Custom action support for _, actionExt := range s.Actions { action := actionExt ActionFunc := func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, auth schema.Authorization, context middleware.Context) { addJSONContentTypeHeader(w) fillInContext(context, dataStore, r, w, s, p, server.sync, identityService, server.queue) id := p["id"] input := make(map[string]interface{}) if action.InputSchema != nil { var err error input, err = middleware.ReadJSON(r) if err != nil { handleError(w, resources.NewResourceError(err, fmt.Sprintf("Failed to parse data: %s", err), resources.WrongData)) return } } // TODO use authorization middleware manager := schema.GetManager() path := r.URL.Path policy, role := manager.PolicyValidate(action.ID, path, auth) if policy == nil { middleware.HTTPJSONError(w, fmt.Sprintf("No matching policy: %s %s %s", action, path, s.Actions), http.StatusUnauthorized) return } context["policy"] = policy context["tenant_id"] = auth.TenantID() context["auth_token"] = auth.AuthToken() context["role"] = role context["catalog"] = auth.Catalog() context["auth"] = auth if err := resources.ActionResource( context, dataStore, identityService, s, action, id, input); err != nil { handleError(w, err) return } routes.ServeJson(w, context["response"]) } route.AddRoute(action.Method, s.GetActionURL(action.Path), ActionFunc) } }