forked from
tangled.org/core
Mirror of @tangled.org/core. Running on a Raspberry Pi Zero 2 (Please be gentle).
rbac: add spindle and spindle member ops
Signed-off-by: oppiliappan <me@oppi.li>
+188
-2
+30
rbac/rbac.go
+30
rbac/rbac.go
···
90
90
return err
91
91
}
92
92
93
+
func (e *Enforcer) RemoveSpindle(spindle string) error {
94
+
spindle = intoSpindle(spindle)
95
+
_, err := e.E.DeleteDomains(spindle)
96
+
return err
97
+
}
98
+
93
99
func (e *Enforcer) GetKnotsForUser(did string) ([]string, error) {
94
100
keepFunc := isNotSpindle
95
101
stripFunc := unSpindle
···
112
106
return e.addOwner(domain, owner)
113
107
}
114
108
109
+
func (e *Enforcer) RemoveKnotOwner(domain, owner string) error {
110
+
return e.removeOwner(domain, owner)
111
+
}
112
+
115
113
func (e *Enforcer) AddKnotMember(domain, member string) error {
116
114
return e.addMember(domain, member)
115
+
}
116
+
117
+
func (e *Enforcer) RemoveKnotMember(domain, member string) error {
118
+
return e.removeMember(domain, member)
117
119
}
118
120
119
121
func (e *Enforcer) AddSpindleOwner(domain, owner string) error {
120
122
return e.addOwner(intoSpindle(domain), owner)
121
123
}
122
124
125
+
func (e *Enforcer) RemoveSpindleOwner(domain, owner string) error {
126
+
return e.removeOwner(intoSpindle(domain), owner)
127
+
}
128
+
123
129
func (e *Enforcer) AddSpindleMember(domain, member string) error {
124
130
return e.addMember(intoSpindle(domain), member)
131
+
}
132
+
133
+
func (e *Enforcer) RemoveSpindleMember(domain, member string) error {
134
+
return e.removeMember(intoSpindle(domain), member)
125
135
}
126
136
127
137
func repoPolicies(member, domain, repo string) [][]string {
···
216
194
217
195
slices.Sort(membersWithoutRoles)
218
196
return slices.Compact(membersWithoutRoles), nil
197
+
}
198
+
199
+
func (e *Enforcer) GetKnotUsersByRole(role, domain string) ([]string, error) {
200
+
return e.GetUserByRole(role, domain)
201
+
}
202
+
203
+
func (e *Enforcer) GetSpindleUsersByRole(role, domain string) ([]string, error) {
204
+
return e.GetUserByRole(role, intoSpindle(domain))
219
205
}
220
206
221
207
func (e *Enforcer) GetUserByRoleInRepo(role, domain, repo string) ([]string, error) {
+148
-2
rbac/rbac_test.go
+148
-2
rbac/rbac_test.go
···
214
214
assert.Contains(t, knots2, "example.com")
215
215
}
216
216
217
-
func TestGetUserByRole(t *testing.T) {
217
+
func TestGetKnotUsersByRole(t *testing.T) {
218
218
e := setup(t)
219
219
_ = e.AddKnot("example.com")
220
220
_ = e.AddKnotMember("example.com", "did:plc:foo")
221
221
_ = e.AddKnotOwner("example.com", "did:plc:bar")
222
222
223
-
members, _ := e.GetUserByRole("server:member", "example.com")
223
+
members, _ := e.GetKnotUsersByRole("server:member", "example.com")
224
+
assert.Contains(t, members, "did:plc:foo")
225
+
assert.Contains(t, members, "did:plc:bar") // due to inheritance
226
+
}
227
+
228
+
func TestGetSpindleUsersByRole(t *testing.T) {
229
+
e := setup(t)
230
+
_ = e.AddSpindle("example.com")
231
+
_ = e.AddSpindleMember("example.com", "did:plc:foo")
232
+
_ = e.AddSpindleOwner("example.com", "did:plc:bar")
233
+
234
+
members, _ := e.GetSpindleUsersByRole("server:member", "example.com")
224
235
assert.Contains(t, members, "did:plc:foo")
225
236
assert.Contains(t, members, "did:plc:bar") // due to inheritance
226
237
}
···
311
300
ok, err = e.IsSpindleMember("did:plc:foo", "s.com")
312
301
assert.NoError(t, err)
313
302
assert.True(t, ok)
303
+
}
304
+
305
+
func TestRemoveKnotOwner(t *testing.T) {
306
+
e := setup(t)
307
+
308
+
err := e.AddKnot("k.com")
309
+
assert.NoError(t, err)
310
+
311
+
err = e.AddKnotOwner("k.com", "did:plc:foo")
312
+
assert.NoError(t, err)
313
+
314
+
knots, err := e.GetKnotsForUser("did:plc:foo")
315
+
assert.NoError(t, err)
316
+
assert.ElementsMatch(t, []string{
317
+
"k.com",
318
+
}, knots)
319
+
320
+
err = e.RemoveKnotOwner("k.com", "did:plc:foo")
321
+
assert.NoError(t, err)
322
+
323
+
knots, err = e.GetKnotsForUser("did:plc:foo")
324
+
assert.NoError(t, err)
325
+
assert.Empty(t, knots)
326
+
}
327
+
328
+
func TestRemoveKnotMember(t *testing.T) {
329
+
e := setup(t)
330
+
331
+
err := e.AddKnot("k.com")
332
+
assert.NoError(t, err)
333
+
334
+
err = e.AddKnotOwner("k.com", "did:plc:foo")
335
+
assert.NoError(t, err)
336
+
337
+
err = e.AddKnotMember("k.com", "did:plc:bar")
338
+
assert.NoError(t, err)
339
+
340
+
knots, err := e.GetKnotsForUser("did:plc:bar")
341
+
assert.NoError(t, err)
342
+
assert.ElementsMatch(t, []string{
343
+
"k.com",
344
+
}, knots)
345
+
346
+
err = e.RemoveKnotMember("k.com", "did:plc:bar")
347
+
assert.NoError(t, err)
348
+
349
+
knots, err = e.GetKnotsForUser("did:plc:bar")
350
+
assert.NoError(t, err)
351
+
assert.Empty(t, knots)
352
+
}
353
+
354
+
func TestRemoveSpindleOwner(t *testing.T) {
355
+
e := setup(t)
356
+
357
+
err := e.AddSpindle("s.com")
358
+
assert.NoError(t, err)
359
+
360
+
err = e.AddSpindleOwner("s.com", "did:plc:foo")
361
+
assert.NoError(t, err)
362
+
363
+
spindles, err := e.GetSpindlesForUser("did:plc:foo")
364
+
assert.NoError(t, err)
365
+
assert.ElementsMatch(t, []string{
366
+
"s.com",
367
+
}, spindles)
368
+
369
+
err = e.RemoveSpindleOwner("s.com", "did:plc:foo")
370
+
assert.NoError(t, err)
371
+
372
+
spindles, err = e.GetSpindlesForUser("did:plc:foo")
373
+
assert.NoError(t, err)
374
+
assert.Empty(t, spindles)
375
+
}
376
+
377
+
func TestRemoveSpindleMember(t *testing.T) {
378
+
e := setup(t)
379
+
380
+
err := e.AddSpindle("s.com")
381
+
assert.NoError(t, err)
382
+
383
+
err = e.AddSpindleOwner("s.com", "did:plc:foo")
384
+
assert.NoError(t, err)
385
+
386
+
err = e.AddSpindleMember("s.com", "did:plc:bar")
387
+
assert.NoError(t, err)
388
+
389
+
spindles, err := e.GetSpindlesForUser("did:plc:foo")
390
+
assert.NoError(t, err)
391
+
assert.ElementsMatch(t, []string{
392
+
"s.com",
393
+
}, spindles)
394
+
395
+
spindles, err = e.GetSpindlesForUser("did:plc:bar")
396
+
assert.NoError(t, err)
397
+
assert.ElementsMatch(t, []string{
398
+
"s.com",
399
+
}, spindles)
400
+
401
+
err = e.RemoveSpindleMember("s.com", "did:plc:bar")
402
+
assert.NoError(t, err)
403
+
404
+
spindles, err = e.GetSpindlesForUser("did:plc:bar")
405
+
assert.NoError(t, err)
406
+
assert.Empty(t, spindles)
407
+
}
408
+
409
+
func TestRemoveSpindle(t *testing.T) {
410
+
e := setup(t)
411
+
412
+
err := e.AddSpindle("s.com")
413
+
assert.NoError(t, err)
414
+
415
+
err = e.AddSpindleOwner("s.com", "did:plc:foo")
416
+
assert.NoError(t, err)
417
+
418
+
err = e.AddSpindleMember("s.com", "did:plc:bar")
419
+
assert.NoError(t, err)
420
+
421
+
users, err := e.GetSpindleUsersByRole("server:member", "s.com")
422
+
assert.NoError(t, err)
423
+
assert.ElementsMatch(t, []string{
424
+
"did:plc:foo",
425
+
"did:plc:bar",
426
+
}, users)
427
+
428
+
err = e.RemoveSpindle("s.com")
429
+
assert.NoError(t, err)
430
+
431
+
// TODO: see this issue https://github.com/casbin/casbin/issues/1492
432
+
// s, err := e.E.GetAllDomains()
433
+
// assert.Empty(t, s)
434
+
435
+
spindles, err := e.GetSpindleUsersByRole("server:member", "s.com")
436
+
assert.NoError(t, err)
437
+
assert.Empty(t, spindles)
314
438
}
+10
rbac/util.go
+10
rbac/util.go
···
29
29
return err
30
30
}
31
31
32
+
func (e *Enforcer) removeOwner(domain, owner string) error {
33
+
_, err := e.E.RemoveGroupingPolicy(owner, "server:owner", domain)
34
+
return err
35
+
}
36
+
32
37
func (e *Enforcer) addMember(domain, member string) error {
33
38
_, err := e.E.AddGroupingPolicy(member, "server:member", domain)
39
+
return err
40
+
}
41
+
42
+
func (e *Enforcer) removeMember(domain, member string) error {
43
+
_, err := e.E.RemoveGroupingPolicy(member, "server:member", domain)
34
44
return err
35
45
}
36
46