William Petit
3ef495445a
serveur - Création d'un service d'autorisation dynamique basé sur des "voter" (à la Symfony) - Mise en place des autorisations sur les principales queries/mutations de l'API GraphQL
package graph
import (
"context"
"forge.cadoles.com/Cadoles/daddy/internal/voter"
"forge.cadoles.com/Cadoles/daddy/internal/model"
"forge.cadoles.com/Cadoles/daddy/internal/orm"
"forge.cadoles.com/Cadoles/daddy/internal/session"
"github.com/jinzhu/gorm"
"github.com/pkg/errors"
"gitlab.com/wpetit/goweb/middleware/container"
)
// getDB resolves the *gorm.DB handle for the current request.
//
// It looks up the service container attached to ctx, obtains the ORM service
// from that container and returns the ORM's database handle. Any lookup
// failure is returned wrapped with a stack trace, together with a nil handle.
func getDB(ctx context.Context) (*gorm.DB, error) {
	services, err := container.From(ctx)
	if err != nil {
		return nil, errors.WithStack(err)
	}

	// Named ormSrv rather than orm so the local does not shadow the orm package.
	ormSrv, err := orm.From(services)
	if err != nil {
		return nil, errors.WithStack(err)
	}

	db := ormSrv.DB()

	return db, nil
}
// getSessionUser loads the user record matching the e-mail address held in
// the current session.
//
// It returns the user together with the database handle used for the lookup.
// On any failure (no database handle, no e-mail available from the session,
// user lookup error) it returns nil values and the error wrapped with a stack
// trace.
//
// NOTE(review): whether FindUserByEmail can return a nil user with a nil error
// is not visible here; confirm, since isAuthorized hands the result to the
// voter service without a nil check.
func getSessionUser(ctx context.Context) (*model.User, *gorm.DB, error) {
	db, err := getDB(ctx)
	if err != nil {
		return nil, nil, errors.WithStack(err)
	}

	// The session is the only source of identity used for the lookup.
	email, err := session.UserEmail(ctx)
	if err != nil {
		return nil, nil, errors.WithStack(err)
	}

	user, err := model.NewUserRepository(db).FindUserByEmail(ctx, email)
	if err != nil {
		return nil, nil, errors.WithStack(err)
	}

	return user, db, nil
}
// isAuthorized reports whether the user of the current session may perform
// action on obj, as decided by the voter service.
//
// The check fails closed: it returns true only when the voter service answers
// voter.Allow. Every other decision yields (false, nil), and any error while
// resolving the session user, the container or the voter service, or while
// voting, yields false together with the error wrapped with a stack trace.
// Callers must treat a non-nil error as a denial.
func isAuthorized(ctx context.Context, obj interface{}, action interface{}) (bool, error) {
	// Resolve the acting user first; if that fails, no vote takes place.
	currentUser, _, err := getSessionUser(ctx)
	if err != nil {
		return false, errors.WithStack(err)
	}

	services, err := container.From(ctx)
	if err != nil {
		return false, errors.WithStack(err)
	}

	authz, err := voter.From(services)
	if err != nil {
		return false, errors.WithStack(err)
	}

	verdict, err := authz.Authorized(ctx, currentUser, obj, action)
	if err != nil {
		return false, errors.WithStack(err)
	}

	// Only an explicit Allow grants access; any other value is a denial.
	return verdict == voter.Allow, nil
}