working for now
parent
e9415a471f
commit
769dd9eb7c
8 changed files with 17 additions and 25 deletions
|
@ -8,6 +8,7 @@ import (
|
|||
"dynatron.me/x/stillbox/internal/audio"
|
||||
"dynatron.me/x/stillbox/internal/jsontypes"
|
||||
"dynatron.me/x/stillbox/pkg/pb"
|
||||
"dynatron.me/x/stillbox/pkg/rbac"
|
||||
"dynatron.me/x/stillbox/pkg/talkgroups"
|
||||
"dynatron.me/x/stillbox/pkg/users"
|
||||
|
||||
|
@ -15,8 +16,6 @@ import (
|
|||
"google.golang.org/protobuf/types/known/timestamppb"
|
||||
)
|
||||
|
||||
const Resource = "call"
|
||||
|
||||
type CallDuration time.Duration
|
||||
|
||||
func (d CallDuration) Duration() time.Duration {
|
||||
|
@ -77,7 +76,7 @@ type Call struct {
|
|||
}
|
||||
|
||||
func (c *Call) GetResourceName() string {
|
||||
return Resource
|
||||
return rbac.ResourceCall
|
||||
}
|
||||
|
||||
func (c *Call) String() string {
|
||||
|
|
|
@ -5,6 +5,7 @@ import (
|
|||
|
||||
"dynatron.me/x/stillbox/internal/jsontypes"
|
||||
"dynatron.me/x/stillbox/pkg/calls"
|
||||
"dynatron.me/x/stillbox/pkg/rbac"
|
||||
"dynatron.me/x/stillbox/pkg/users"
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
|
|
@ -381,4 +381,3 @@ func (s *store) CallIn(ctx context.Context, inc uuid.UUID, call uuid.UUID) (bool
|
|||
db := database.FromCtx(ctx)
|
||||
return db.CallInIncident(ctx, inc, call)
|
||||
}
|
||||
|
||||
|
|
|
@ -6,19 +6,21 @@ import (
|
|||
"fmt"
|
||||
"reflect"
|
||||
|
||||
"dynatron.me/x/stillbox/pkg/database"
|
||||
|
||||
"github.com/el-mike/restrict/v2"
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
const (
|
||||
SubmitterEqualConditionType = "SUBMITTER_EQUAL"
|
||||
InMapConditionType = "IN_MAP"
|
||||
InMapConditionType = "IN_MAP"
|
||||
CallInIncidentConditionType = "CALL_IN_INCIDENT"
|
||||
)
|
||||
|
||||
type CallInIncidentCondition struct {
|
||||
ID string `json:"name,omitempty" yaml:"name,omitempty"`
|
||||
Call *restrict.ValueDescriptor `json:"call" yaml:"call"`
|
||||
ID string `json:"name,omitempty" yaml:"name,omitempty"`
|
||||
Call *restrict.ValueDescriptor `json:"call" yaml:"call"`
|
||||
Incident *restrict.ValueDescriptor `json:"incident" yaml:"incident"`
|
||||
}
|
||||
|
||||
|
@ -52,8 +54,7 @@ func (c *CallInIncidentCondition) Check(r *restrict.AccessRequest) error {
|
|||
return restrict.NewConditionNotSatisfiedError(c, r, errors.New("call ID is not UUID"))
|
||||
}
|
||||
|
||||
incs := FromCtx(ctx)
|
||||
inCall, err := incs.CallIn(ctx, incID, incID)
|
||||
inCall, err := database.FromCtx(ctx).CallInIncident(ctx, incID, incID)
|
||||
if err != nil {
|
||||
return restrict.NewConditionNotSatisfiedError(c, r, err)
|
||||
}
|
||||
|
@ -106,7 +107,7 @@ func SubmitterEqualConditionFactory() restrict.Condition {
|
|||
}
|
||||
|
||||
type InMapCondition[K comparable, V any] struct {
|
||||
ID string `json:"name,omitempty" yaml:"name,omitempty"`
|
||||
ID string `json:"name,omitempty" yaml:"name,omitempty"`
|
||||
Key *restrict.ValueDescriptor `json:"key" yaml:"key"`
|
||||
Map *restrict.ValueDescriptor `json:"map" yaml:"map"`
|
||||
}
|
||||
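Review bot: The replacement call in `CallInIncidentCondition.Check` still passes `incID` for both the incident and the call argument, `CallInIncident(ctx, incID, incID)`, so the lookup never uses the call UUID that the `call ID is not UUID` branch just above it validates. `store.CallIn`, shown elsewhere in this commit, forwards `(ctx, inc, call)` in that order, which suggests the second argument should be the parsed call ID, e.g. `database.FromCtx(ctx).CallInIncident(ctx, incID, callID)`, where `callID` stands for whatever the call UUID is named above the hunk. As written, the `readInSharedIncident` permission that relies on this condition is presumably decided on the incident ID alone, so the authorization result does not reflect whether the requested call belongs to the shared incident. `Check` begins and ends outside the hunk, so how `inCall` is used afterwards is not visible here. A pair of tests, one denying a call outside the incident and one allowing a call inside it, would pin the fix.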
|
|
|
@ -1,8 +1,6 @@
|
|||
package rbac
|
||||
|
||||
import (
|
||||
"dynatron.me/x/stillbox/pkg/incidents/incstore"
|
||||
|
||||
"github.com/el-mike/restrict/v2"
|
||||
)
|
||||
|
||||
|
@ -13,9 +11,9 @@ const (
|
|||
PresetReadSharedInMap = "readSharedInMap"
|
||||
PresetShareOwn = "shareOwn"
|
||||
|
||||
PresetUpdateSubmitter = "updateSubmitter"
|
||||
PresetDeleteSubmitter = "deleteSubmitter"
|
||||
PresetShareSubmitter = "shareSubmitter"
|
||||
PresetUpdateSubmitter = "updateSubmitter"
|
||||
PresetDeleteSubmitter = "deleteSubmitter"
|
||||
PresetShareSubmitter = "shareSubmitter"
|
||||
PresetReadInSharedIncident = "readInSharedIncident"
|
||||
)
|
||||
|
||||
|
@ -226,7 +224,7 @@ var Policy = &restrict.PolicyDefinition{
|
|||
PresetReadInSharedIncident: &restrict.Permission{
|
||||
Action: ActionRead,
|
||||
Conditions: restrict.Conditions{
|
||||
&incstore.CallInIncidentCondition{
|
||||
&CallInIncidentCondition{
|
||||
ID: "callInIncident",
|
||||
Call: &restrict.ValueDescriptor{
|
||||
Source: restrict.ResourceField,
|
||||
|
|
|
@ -8,8 +8,6 @@ import (
|
|||
"github.com/el-mike/restrict/v2/adapters"
|
||||
)
|
||||
|
||||
|
||||
|
||||
var (
|
||||
ErrBadSubject = errors.New("bad subject in token")
|
||||
)
|
||||
|
@ -124,7 +122,6 @@ func (r *rbac) Check(ctx context.Context, res restrict.Resource, opts ...CheckOp
|
|||
sub := SubjectFrom(ctx)
|
||||
o := checkOptions{}
|
||||
|
||||
|
||||
for _, opt := range opts {
|
||||
opt(&o)
|
||||
}
|
||||
|
|
|
@ -9,10 +9,7 @@ import (
|
|||
"strings"
|
||||
|
||||
"dynatron.me/x/stillbox/pkg/database"
|
||||
)
|
||||
|
||||
const (
|
||||
Resource = "Talkgroup"
|
||||
"dynatron.me/x/stillbox/pkg/rbac"
|
||||
)
|
||||
|
||||
type Talkgroup struct {
|
||||
|
@ -22,7 +19,7 @@ type Talkgroup struct {
|
|||
}
|
||||
|
||||
func (t *Talkgroup) GetResourceName() string {
|
||||
return Resource
|
||||
return rbac.ResourceTalkgroup
|
||||
}
|
||||
|
||||
func (t Talkgroup) String() string {
|
||||
|
|
|
@ -327,7 +327,7 @@ func addToRowList[T rowType](t *cache, tgRecords []T) []*tgsp.Talkgroup {
|
|||
}
|
||||
|
||||
func (t *cache) TGs(ctx context.Context, tgs tgsp.IDs, opts ...Option) ([]*tgsp.Talkgroup, error) {
|
||||
_, err := rbac.Check(ctx, rbac.UseResource(tgsp.Resource), rbac.WithActions(rbac.ActionRead))
|
||||
_, err := rbac.Check(ctx, rbac.UseResource(rbac.ResourceTalkgroup), rbac.WithActions(rbac.ActionRead))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|