From e9415a471fe2a295ab6deb3e0a8c6483f20fa03f Mon Sep 17 00:00:00 2001
From: Daniel Ponte
Date: Tue, 21 Jan 2025 08:20:13 -0500
Subject: [PATCH] still cycle

---
 pkg/incidents/incstore/rbac.go | 65 ----------------------------------
 pkg/rbac/conditions.go | 53 +++++++++++++++++++++++++++
 2 files changed, 53 insertions(+), 65 deletions(-)
 delete mode 100644 pkg/incidents/incstore/rbac.go

diff --git a/pkg/incidents/incstore/rbac.go b/pkg/incidents/incstore/rbac.go
deleted file mode 100644
index 7f5af77..0000000
--- a/pkg/incidents/incstore/rbac.go
+++ /dev/null
@@ -1,65 +0,0 @@
-package incstore
-
-import (
- "context"
- "errors"
- "fmt"
-
- "github.com/el-mike/restrict/v2"
- "github.com/google/uuid"
-)
-
-const (
- CallInIncidentConditionType = "CALL_IN_INCIDENT"
-)
-
-type CallInIncidentCondition struct {
- ID string `json:"name,omitempty" yaml:"name,omitempty"`
- Call *restrict.ValueDescriptor `json:"call" yaml:"call"`
- Incident *restrict.ValueDescriptor `json:"incident" yaml:"incident"`
-}
-
-func (*CallInIncidentCondition) Type() string {
- return CallInIncidentConditionType
-}
-
-func (c *CallInIncidentCondition) Check(r *restrict.AccessRequest) error {
- callVID, err := c.Call.GetValue(r)
- if err != nil {
- return err
- }
-
- incVID, err := c.Incident.GetValue(r)
- if err != nil {
- return err
- }
-
- ctx, hasCtx := r.Context["ctx"].(context.Context)
- if !hasCtx {
- return restrict.NewConditionNotSatisfiedError(c, r, fmt.Errorf("no context provided"))
- }
-
- incID, isUUID := incVID.(uuid.UUID)
- if !isUUID {
- return restrict.NewConditionNotSatisfiedError(c, r, errors.New("incident ID is not UUID"))
- }
-
- callID, isUUID := callVID.(uuid.UUID)
- if !isUUID {
- return restrict.NewConditionNotSatisfiedError(c, r, errors.New("call ID is not UUID"))
- }
-
- incs := FromCtx(ctx)
- inCall, err := incs.CallIn(ctx, incID, incID)
- if err != nil {
- return restrict.NewConditionNotSatisfiedError(c, r, err)
- }
-
- if !inCall {
- return restrict.NewConditionNotSatisfiedError(c, r, fmt.Errorf(`incident "%v" not in call "%v"`, incID, callID))
- }
-
- return nil
-}
-
-
diff --git a/pkg/rbac/conditions.go b/pkg/rbac/conditions.go
index 4d89604..dd0c723 100644
--- a/pkg/rbac/conditions.go
+++ b/pkg/rbac/conditions.go
@@ -1,17 +1,70 @@
 package rbac
 
 import (
+ "context"
+ "errors"
 "fmt"
 "reflect"
 
 "github.com/el-mike/restrict/v2"
+ "github.com/google/uuid"
 )
 
 const (
 SubmitterEqualConditionType = "SUBMITTER_EQUAL"
 InMapConditionType = "IN_MAP"
+ CallInIncidentConditionType = "CALL_IN_INCIDENT"
 )
 
+type CallInIncidentCondition struct {
+ ID string `json:"name,omitempty" yaml:"name,omitempty"`
+ Call *restrict.ValueDescriptor `json:"call" yaml:"call"`
+ Incident *restrict.ValueDescriptor `json:"incident" yaml:"incident"`
+}
+
+func (*CallInIncidentCondition) Type() string {
+ return CallInIncidentConditionType
+}
+
+func (c *CallInIncidentCondition) Check(r *restrict.AccessRequest) error {
+ callVID, err := c.Call.GetValue(r)
+ if err != nil {
+ return err
+ }
+
+ incVID, err := c.Incident.GetValue(r)
+ if err != nil {
+ return err
+ }
+
+ ctx, hasCtx := r.Context["ctx"].(context.Context)
+ if !hasCtx {
+ return restrict.NewConditionNotSatisfiedError(c, r, fmt.Errorf("no context provided"))
+ }
+
+ incID, isUUID := incVID.(uuid.UUID)
+ if !isUUID {
+ return restrict.NewConditionNotSatisfiedError(c, r, errors.New("incident ID is not UUID"))
+ }
+
+ callID, isUUID := callVID.(uuid.UUID)
+ if !isUUID {
+ return restrict.NewConditionNotSatisfiedError(c, r, errors.New("call ID is not UUID"))
+ }
+
+ incs := FromCtx(ctx)
+ inCall, err := incs.CallIn(ctx, incID, incID)
+ if err != nil {
+ return restrict.NewConditionNotSatisfiedError(c, r, err)
+ }
+
+ if !inCall {
+ return restrict.NewConditionNotSatisfiedError(c, r, fmt.Errorf(`incident "%v" not in call "%v"`, incID, callID))
+ }
+
+ return nil
+}
+
 type SubmitterEqualCondition struct {
 ID string `json:"name,omitempty" yaml:"name,omitempty"`
 Left *restrict.ValueDescriptor `json:"left" yaml:"left"`
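Review bot: In `Check`, the membership lookup is `incs.CallIn(ctx, incID, incID)`, so the incident ID is passed twice and `callID` only ever reaches the error message; the authorization decision therefore does not depend on the call the policy names. The line was carried over unchanged from the deleted pkg/incidents/incstore/rbac.go, but this condition gates access, so it should be corrected here: `inCall, err := incs.CallIn(ctx, incID, callID)` (argument order to be checked against CallIn's signature, which is not visible in the diff). Separately, `FromCtx` is now called unqualified from package rbac and the import block shown does not bring in incstore, so unless rbac defines its own `FromCtx` this will not build. A table test using a call that is not part of the incident would pin the deny path.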