diff --git a/pkg/calls/call.go b/pkg/calls/call.go
index 8511294..1f0e338 100644
--- a/pkg/calls/call.go
+++ b/pkg/calls/call.go
@@ -8,6 +8,7 @@ import (
 "dynatron.me/x/stillbox/internal/audio"
 "dynatron.me/x/stillbox/internal/jsontypes"
 "dynatron.me/x/stillbox/pkg/pb"
+ "dynatron.me/x/stillbox/pkg/rbac"
 "dynatron.me/x/stillbox/pkg/talkgroups"
 "dynatron.me/x/stillbox/pkg/users"
@@ -15,8 +16,6 @@ import (
 "google.golang.org/protobuf/types/known/timestamppb"
 )
-const Resource = "call"
-
 type CallDuration time.Duration
 func (d CallDuration) Duration() time.Duration {
@@ -77,7 +76,7 @@ type Call struct {
 }
 func (c *Call) GetResourceName() string {
- return Resource
+ return rbac.ResourceCall
 }
 func (c *Call) String() string {
diff --git a/pkg/incidents/incident.go b/pkg/incidents/incident.go
index 37aa68c..b48f152 100644
--- a/pkg/incidents/incident.go
+++ b/pkg/incidents/incident.go
@@ -5,6 +5,7 @@ import (
 "dynatron.me/x/stillbox/internal/jsontypes"
 "dynatron.me/x/stillbox/pkg/calls"
+ "dynatron.me/x/stillbox/pkg/rbac"
 "dynatron.me/x/stillbox/pkg/users"
 "github.com/google/uuid"
 )
diff --git a/pkg/incidents/incstore/store.go b/pkg/incidents/incstore/store.go
index 44d64b1..c2fa0a8 100644
--- a/pkg/incidents/incstore/store.go
+++ b/pkg/incidents/incstore/store.go
@@ -381,4 +381,3 @@ func (s *store) CallIn(ctx context.Context, inc uuid.UUID, call uuid.UUID) (bool
 db := database.FromCtx(ctx)
 return db.CallInIncident(ctx, inc, call)
 }
-
diff --git a/pkg/rbac/conditions.go b/pkg/rbac/conditions.go
index dd0c723..91a0c3c 100644
--- a/pkg/rbac/conditions.go
+++ b/pkg/rbac/conditions.go
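Review bot: `rbac.ResourceCall` is not defined anywhere in this diff, so it cannot be confirmed from here that `Call.GetResourceName` in pkg/calls/call.go still returns the old literal `"call"`. restrict looks up grants by this name, so a difference in spelling or case would change which permissions apply to calls without any compile error. Worth confirming the constant's value and documenting the coupling, e.g. `// GetResourceName returns the rbac resource name that Policy grants for calls are keyed by.` The same applies to `Talkgroup.GetResourceName` in pkg/talkgroups/talkgroup.go (previously `"Talkgroup"`) and to the `rbac.UseResource(rbac.ResourceTalkgroup)` call in pkg/talkgroups/tgstore/store.go.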
@@ -6,19 +6,21 @@ import (
 "fmt"
 "reflect"
+ "dynatron.me/x/stillbox/pkg/database"
+
 "github.com/el-mike/restrict/v2"
 "github.com/google/uuid"
 )
 const (
 SubmitterEqualConditionType = "SUBMITTER_EQUAL"
- InMapConditionType = "IN_MAP"
+ InMapConditionType = "IN_MAP"
 CallInIncidentConditionType = "CALL_IN_INCIDENT"
 )
 type CallInIncidentCondition struct {
- ID string `json:"name,omitempty" yaml:"name,omitempty"`
- Call *restrict.ValueDescriptor `json:"call" yaml:"call"`
+ ID string `json:"name,omitempty" yaml:"name,omitempty"`
+ Call *restrict.ValueDescriptor `json:"call" yaml:"call"`
 Incident *restrict.ValueDescriptor `json:"incident" yaml:"incident"`
 }
@@ -52,8 +54,7 @@ func (c *CallInIncidentCondition) Check(r *restrict.AccessRequest) error {
 return restrict.NewConditionNotSatisfiedError(c, r, errors.New("call ID is not UUID"))
 }
- incs := FromCtx(ctx)
- inCall, err := incs.CallIn(ctx, incID, incID)
+ inCall, err := database.FromCtx(ctx).CallInIncident(ctx, incID, incID)
 if err != nil {
 return restrict.NewConditionNotSatisfiedError(c, r, err)
 }
@@ -106,7 +107,7 @@ func SubmitterEqualConditionFactory() restrict.Condition {
 }
 type InMapCondition[K comparable, V any] struct {
- ID string `json:"name,omitempty" yaml:"name,omitempty"`
+ ID string `json:"name,omitempty" yaml:"name,omitempty"`
 Key *restrict.ValueDescriptor `json:"key" yaml:"key"`
 Map *restrict.ValueDescriptor `json:"map" yaml:"map"`
 }
diff --git a/pkg/rbac/policy.go b/pkg/rbac/policy.go
index 894903d..0e76ca2 100644
--- a/pkg/rbac/policy.go
+++ b/pkg/rbac/policy.go
@@ -1,8 +1,6 @@
 package rbac
 import (
- "dynatron.me/x/stillbox/pkg/incidents/incstore"
-
 "github.com/el-mike/restrict/v2"
 )
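Review bot: In pkg/rbac/conditions.go, the new `database.FromCtx(ctx).CallInIncident(ctx, incID, incID)` line in `CallInIncidentCondition.Check` still passes `incID` as both arguments, so the CALL_IN_INCIDENT condition never tests the call the request is about. The incstore wrapper elsewhere in this commit calls `db.CallInIncident(ctx, inc, call)`, so the second argument should be the call UUID parsed just above, the one guarded by the "call ID is not UUID" error. Its variable name is outside the hunk, so with `callID` standing in for the real name the line would read `inCall, err := database.FromCtx(ctx).CallInIncident(ctx, incID, callID)`. Because this condition backs `PresetReadInSharedIncident`, a test should pin both outcomes: a call outside the incident is denied and a call inside it is allowed. `Check` starts and ends outside the hunk.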
@@ -13,9 +11,9 @@ const (
 PresetReadSharedInMap = "readSharedInMap"
 PresetShareOwn = "shareOwn"
- PresetUpdateSubmitter = "updateSubmitter"
- PresetDeleteSubmitter = "deleteSubmitter"
- PresetShareSubmitter = "shareSubmitter"
+ PresetUpdateSubmitter = "updateSubmitter"
+ PresetDeleteSubmitter = "deleteSubmitter"
+ PresetShareSubmitter = "shareSubmitter"
 PresetReadInSharedIncident = "readInSharedIncident"
 )
@@ -226,7 +224,7 @@ var Policy = &restrict.PolicyDefinition{
 PresetReadInSharedIncident: &restrict.Permission{
 Action: ActionRead,
 Conditions: restrict.Conditions{
- &incstore.CallInIncidentCondition{
+ &CallInIncidentCondition{
 ID: "callInIncident",
 Call: &restrict.ValueDescriptor{
 Source: restrict.ResourceField,
diff --git a/pkg/rbac/rbac.go b/pkg/rbac/rbac.go
index 778a5c2..d1f9ec4 100644
--- a/pkg/rbac/rbac.go
+++ b/pkg/rbac/rbac.go
@@ -8,8 +8,6 @@ import (
 "github.com/el-mike/restrict/v2/adapters"
 )
-
-
 var (
 ErrBadSubject = errors.New("bad subject in token")
 )
@@ -124,7 +122,6 @@ func (r *rbac) Check(ctx context.Context, res restrict.Resource, opts ...CheckOp
 sub := SubjectFrom(ctx)
 o := checkOptions{}
-
 for _, opt := range opts {
 opt(&o)
 }
diff --git a/pkg/talkgroups/talkgroup.go b/pkg/talkgroups/talkgroup.go
index c2b306f..7965e98 100644
--- a/pkg/talkgroups/talkgroup.go
+++ b/pkg/talkgroups/talkgroup.go
@@ -9,10 +9,7 @@ import (
 "strings"
 "dynatron.me/x/stillbox/pkg/database"
-)
-
-const (
- Resource = "Talkgroup"
+ "dynatron.me/x/stillbox/pkg/rbac"
 )
 type Talkgroup struct {
@@ -22,7 +19,7 @@ type Talkgroup struct {
 }
 func (t *Talkgroup) GetResourceName() string {
- return Resource
+ return rbac.ResourceTalkgroup
 }
 func (t Talkgroup) String() string {
diff --git a/pkg/talkgroups/tgstore/store.go b/pkg/talkgroups/tgstore/store.go
index 42a347c..64a010e 100644
--- a/pkg/talkgroups/tgstore/store.go
+++ b/pkg/talkgroups/tgstore/store.go
@@ -327,7 +327,7 @@ func addToRowList[T rowType](t *cache, tgRecords []T) []*tgsp.Talkgroup {
 }
 func (t *cache) TGs(ctx context.Context, tgs tgsp.IDs, opts ...Option) ([]*tgsp.Talkgroup, error) {
- _, err := rbac.Check(ctx, rbac.UseResource(tgsp.Resource), rbac.WithActions(rbac.ActionRead))
+ _, err := rbac.Check(ctx, rbac.UseResource(rbac.ResourceTalkgroup), rbac.WithActions(rbac.ActionRead))
 if err != nil {
 return nil, err
 }