mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-12 19:14:23 +00:00
c07ed83c41
* feat: eventstore repository * fix: remove gorm * version * feat: pkg * feat: add some files for project * feat: eventstore without eventstore-lib * rename files * gnueg * fix: key json * fix: add object * fix: change imports * fix: internal models * fix: some imports * fix: global model * fix: add some functions on repo * feat(eventstore): sdk * fix(eventstore): search query * fix(eventstore): rename app to eventstore * delete empty test * remove unused func * merge master * fix(eventstore): tests * fix(models): delete unused struct * fix: some funcitons * feat(eventstore): implemented push events * fix: move project eventstore to project package * fix: change project eventstore funcs * feat(eventstore): overwrite context data * fix: change project eventstore * fix: add project repo to mgmt server * feat(types): SQL-config * fix: commented code * feat(eventstore): options to overwrite editor * feat: auth interceptor and cockroach migrations * fix: migrations * fix: fix filter * fix: not found on getbyid * fix: add sequence * fix: add some tests * fix(eventstore): nullable sequence * fix: add some tests * merge * fix: add some tests * fix(migrations): correct statements for sequence * fix: add some tests * fix: add some tests * fix: changes from mr * Update internal/eventstore/models/field.go Co-Authored-By: livio-a <livio.a@gmail.com> * fix(eventstore): code quality * fix: add types to aggregate/Event-types * fix(eventstore): rename modifier* to editor* * fix(eventstore): delete editor_org * fix(migrations): remove editor_org field, rename modifier_* to editor_* * fix: generate files * fix(eventstore): tests * fix(eventstore): rename modifier to editor * fix(migrations): add cluster migration, fix(migrations): fix typo of host in clean clsuter * fix(eventstore): move health * fix(eventstore): AggregateTypeFilter aggregateType as param * code quality * feat: start implementing project members * feat: remove member funcs * feat: remove member model * feat: remove member events * feat: remove member repo model * fix: better error func testing * Update docs/local.md Co-Authored-By: Silvan <silvan.reusser@gmail.com> * Update docs/local.md Co-Authored-By: Silvan <silvan.reusser@gmail.com> * fix: mr requests * fix: md file Co-authored-by: adlerhurst <silvan.reusser@gmail.com> Co-authored-by: livio-a <livio.a@gmail.com>
115 lines
2.6 KiB
Go
115 lines
2.6 KiB
Go
package auth
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"reflect"
|
|
"strings"
|
|
|
|
"github.com/caos/zitadel/internal/errors"
|
|
)
|
|
|
|
const (
|
|
authenticated = "authenticated"
|
|
)
|
|
|
|
func CheckUserAuthorization(ctx context.Context, req interface{}, token, orgID string, verifier TokenVerifier, authConfig *Config, requiredAuthOption Option) (context.Context, error) {
|
|
ctx, err := VerifyTokenAndWriteCtxData(ctx, token, orgID, verifier)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
var perms []string
|
|
//TODO: Remove as soon as authentification is implemented
|
|
if CheckInternal(ctx) {
|
|
return ctx, nil
|
|
}
|
|
if requiredAuthOption.Permission == authenticated {
|
|
return ctx, nil
|
|
}
|
|
|
|
ctx, perms, err = getUserMethodPermissions(ctx, verifier, requiredAuthOption.Permission, authConfig)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
err = checkUserPermissions(req, perms, requiredAuthOption)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return ctx, nil
|
|
}
|
|
|
|
func checkUserPermissions(req interface{}, userPerms []string, authOpt Option) error {
|
|
if len(userPerms) == 0 {
|
|
return errors.ThrowPermissionDenied(nil, "AUTH-5mWD2", "No matching permissions found")
|
|
}
|
|
|
|
if authOpt.CheckParam == "" {
|
|
return nil
|
|
}
|
|
|
|
if HasGlobalPermission(userPerms) {
|
|
return nil
|
|
}
|
|
|
|
if hasContextPermission(req, authOpt.CheckParam, userPerms) {
|
|
return nil
|
|
}
|
|
|
|
return errors.ThrowPermissionDenied(nil, "AUTH-3jknH", "No matching permissions found")
|
|
}
|
|
|
|
func SplitPermission(perm string) (string, string) {
|
|
splittedPerm := strings.Split(perm, ":")
|
|
if len(splittedPerm) == 1 {
|
|
return splittedPerm[0], ""
|
|
}
|
|
return splittedPerm[0], splittedPerm[1]
|
|
}
|
|
|
|
func hasContextPermission(req interface{}, fieldName string, permissions []string) bool {
|
|
for _, perm := range permissions {
|
|
_, ctxID := SplitPermission(perm)
|
|
if checkPermissionContext(req, fieldName, ctxID) {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
func checkPermissionContext(req interface{}, fieldName, roleContextID string) bool {
|
|
field := getFieldFromReq(req, fieldName)
|
|
return field != "" && field == roleContextID
|
|
}
|
|
|
|
func getFieldFromReq(req interface{}, field string) string {
|
|
v := reflect.Indirect(reflect.ValueOf(req)).FieldByName(field)
|
|
if reflect.ValueOf(v).IsZero() {
|
|
return ""
|
|
}
|
|
return fmt.Sprintf("%v", v.Interface())
|
|
}
|
|
|
|
func HasGlobalPermission(perms []string) bool {
|
|
for _, perm := range perms {
|
|
_, ctxID := SplitPermission(perm)
|
|
if ctxID == "" {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
func GetPermissionCtxIDs(perms []string) []string {
|
|
ctxIDs := make([]string, 0)
|
|
for _, perm := range perms {
|
|
_, ctxID := SplitPermission(perm)
|
|
if ctxID != "" {
|
|
ctxIDs = append(ctxIDs, ctxID)
|
|
}
|
|
}
|
|
return ctxIDs
|
|
}
|