amigan/stillbox
1
1
Fork 0
Code Issues 33 Pull requests Projects Releases Packages Wiki Activity Actions

still cycle

Browse source
This commit is contained in:
Daniel Ponte 2025-01-21 08:20:13 -05:00
parent 5ff3066d6d
commit e9415a471f
2 changed files with 53 additions and 65 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

65
pkg/incidents/incstore/rbac.go
View file

@ -1,65 +0,0 @@
package incstore
import (
"context"
"errors"
"fmt"
"github.com/el-mike/restrict/v2"
"github.com/google/uuid"
)
const (
CallInIncidentConditionType = "CALL_IN_INCIDENT"
)
type CallInIncidentCondition struct {
ID string `json:"name,omitempty" yaml:"name,omitempty"`
Call *restrict.ValueDescriptor `json:"call" yaml:"call"`
Incident *restrict.ValueDescriptor `json:"incident" yaml:"incident"`
}
func (*CallInIncidentCondition) Type() string {
return CallInIncidentConditionType
}
func (c *CallInIncidentCondition) Check(r *restrict.AccessRequest) error {
callVID, err := c.Call.GetValue(r)
if err != nil {
return err
}
incVID, err := c.Incident.GetValue(r)
if err != nil {
return err
}
ctx, hasCtx := r.Context["ctx"].(context.Context)
if !hasCtx {
return restrict.NewConditionNotSatisfiedError(c, r, fmt.Errorf("no context provided"))
}
incID, isUUID := incVID.(uuid.UUID)
if !isUUID {
return restrict.NewConditionNotSatisfiedError(c, r, errors.New("incident ID is not UUID"))
}
callID, isUUID := callVID.(uuid.UUID)
if !isUUID {
return restrict.NewConditionNotSatisfiedError(c, r, errors.New("call ID is not UUID"))
}
incs := FromCtx(ctx)
inCall, err := incs.CallIn(ctx, incID, incID)
if err != nil {
return restrict.NewConditionNotSatisfiedError(c, r, err)
}
if !inCall {
return restrict.NewConditionNotSatisfiedError(c, r, fmt.Errorf(`incident "%v" not in call "%v"`, incID, callID))
}
return nil
}

53
pkg/rbac/conditions.go
View file

@ -1,17 +1,70 @@
package rbac package rbac
import ( import (
"context"
"errors"
"fmt" "fmt"
"reflect" "reflect"
"github.com/el-mike/restrict/v2" "github.com/el-mike/restrict/v2"
"github.com/google/uuid"
) )
const ( const (
SubmitterEqualConditionType = "SUBMITTER_EQUAL" SubmitterEqualConditionType = "SUBMITTER_EQUAL"
InMapConditionType = "IN_MAP" InMapConditionType = "IN_MAP"
CallInIncidentConditionType = "CALL_IN_INCIDENT"
) )
type CallInIncidentCondition struct {
ID string `json:"name,omitempty" yaml:"name,omitempty"`
Call *restrict.ValueDescriptor `json:"call" yaml:"call"`
Incident *restrict.ValueDescriptor `json:"incident" yaml:"incident"`
}
func (*CallInIncidentCondition) Type() string {
return CallInIncidentConditionType
}
func (c *CallInIncidentCondition) Check(r *restrict.AccessRequest) error {
callVID, err := c.Call.GetValue(r)
if err != nil {
return err
}
incVID, err := c.Incident.GetValue(r)
if err != nil {
return err
}
ctx, hasCtx := r.Context["ctx"].(context.Context)
if !hasCtx {
return restrict.NewConditionNotSatisfiedError(c, r, fmt.Errorf("no context provided"))
}
incID, isUUID := incVID.(uuid.UUID)
if !isUUID {
return restrict.NewConditionNotSatisfiedError(c, r, errors.New("incident ID is not UUID"))
}
callID, isUUID := callVID.(uuid.UUID)
if !isUUID {
return restrict.NewConditionNotSatisfiedError(c, r, errors.New("call ID is not UUID"))
}
incs := FromCtx(ctx)
inCall, err := incs.CallIn(ctx, incID, incID)
if err != nil {
return restrict.NewConditionNotSatisfiedError(c, r, err)
}
if !inCall {
return restrict.NewConditionNotSatisfiedError(c, r, fmt.Errorf(`incident "%v" not in call "%v"`, incID, callID))
}
return nil
}
type SubmitterEqualCondition struct { type SubmitterEqualCondition struct {
ID string `json:"name,omitempty" yaml:"name,omitempty"` ID string `json:"name,omitempty" yaml:"name,omitempty"`
Left *restrict.ValueDescriptor `json:"left" yaml:"left"` Left *restrict.ValueDescriptor `json:"left" yaml:"left"`