admin_api_auth_routing_permissions.go
// Copyright 2022-Present Couchbase, Inc.
//
// Use of this software is governed by the Business Source License included
// in the file licenses/BSL-Couchbase.txt. As of the Change Date specified
// in that file, in accordance with the Business Source License, use of this
// software will be governed by the Apache License, Version 2.0, included in
// the file licenses/APL2.txt.
package rest
import (
"fmt"
"strings"
)
// Permission pairs a permission name with a flag saying whether it is database scoped. FormattedName uses
// both to build the formatted permission string that is later used for checking.
type Permission struct {
	// PermissionName is the permission suffix, including its leading dot (for example ".sgw.db!get").
	PermissionName string
	// DatabaseScoped selects the per-bucket "cluster.collection[...]" form in FormattedName; when false the
	// cluster-wide "cluster" form is used and the bucket name is ignored.
	DatabaseScoped bool
}

// FormattedName returns the full permission string for perm.
//
// A cluster-scoped permission is "cluster" followed by PermissionName. A database-scoped permission is
// "cluster.collection[<bucketName>:_default:_default]" followed by PermissionName.
//
// NOTE(review): bucketName is inserted verbatim between the '[' and ':' delimiters with no validation or
// escaping in this function. Presumably callers only pass a bucket name that has already been validated;
// confirm, because a value containing ']' or ':' would change the structure of the string being checked.
func (perm *Permission) FormattedName(bucketName string) string {
	if !perm.DatabaseScoped {
		// Cluster-wide permission: bucketName plays no part.
		return fmt.Sprintf("cluster%s", perm.PermissionName)
	}
	return fmt.Sprintf("cluster.collection[%s:_default:_default]%s", bucketName, perm.PermissionName)
}
// FormatPermissionNames returns the FormattedName of every entry in perms, in the same order, using
// bucketName for the database-scoped ones. The result is always a non-nil slice of len(perms) elements.
func FormatPermissionNames(perms []Permission, bucketName string) (formattedPerms []string) {
	formattedPerms = make([]string, len(perms))
	for i := range perms {
		formattedPerms[i] = perms[i].FormattedName(bucketName)
	}
	return formattedPerms
}
// GetPermissionsNameFromFormatted extracts the short permission name from a formatted permission string.
//
// The separators are tried in order and the first one that splits the input into exactly two pieces wins:
//   - "]." covers names with a bucket / collection scope and yields the text after the closing bracket,
//     e.g. "sgw.db!create".
//   - "!" covers cluster-scoped names and yields only the text after the '!', e.g. "all".
//
// An input that neither separator splits into exactly two pieces is returned unchanged.
//
// NOTE(review): the two branches are asymmetric. The scoped branch keeps the "sgw.<object>!<operation>"
// portion, while the cluster branch keeps only the operation, so different cluster-scoped permissions with
// the same operation map to the same result. Confirm that callers which key or log on this value expect that.
func GetPermissionsNameFromFormatted(formattedName string) string {
	for _, sep := range []string{"].", "!"} {
		if parts := strings.Split(formattedName, sep); len(parts) == 2 {
			return parts[1]
		}
	}
	// Nothing recognisable to strip, so hand the input back as it is.
	return formattedName
}
// GetPermissionNameFromFormattedStrings applies GetPermissionsNameFromFormatted to every element of
// formattedNames and returns the results in the same order. The result is always a non-nil slice of
// len(formattedNames) elements.
func GetPermissionNameFromFormattedStrings(formattedNames []string) (perms []string) {
	perms = make([]string, len(formattedNames))
	for i, name := range formattedNames {
		perms[i] = GetPermissionsNameFromFormatted(name)
	}
	return perms
}
// Permissions to use with admin handlers.
//
// Every ".sgw.*" permission below is database scoped except PermDevOps; PermDevOps and PermStatsExport are
// cluster scoped, so FormattedName ignores the bucket name for them.
var (
	PermCreateDb             = Permission{PermissionName: ".sgw.db!create", DatabaseScoped: true}
	PermDeleteDb             = Permission{PermissionName: ".sgw.db!delete", DatabaseScoped: true}
	PermUpdateDb             = Permission{PermissionName: ".sgw.db!update", DatabaseScoped: true}
	PermGetDb                = Permission{PermissionName: ".sgw.db!get", DatabaseScoped: true}
	PermConfigureSyncFn      = Permission{PermissionName: ".sgw.sync_function!configure", DatabaseScoped: true}
	PermConfigureAuth        = Permission{PermissionName: ".sgw.auth!configure", DatabaseScoped: true}
	PermWritePrincipal       = Permission{PermissionName: ".sgw.principal!write", DatabaseScoped: true}
	PermReadPrincipal        = Permission{PermissionName: ".sgw.principal!read", DatabaseScoped: true}
	PermReadAppData          = Permission{PermissionName: ".sgw.appdata!read", DatabaseScoped: true}
	PermReadPrincipalAppData = Permission{PermissionName: ".sgw.principal_appdata!read", DatabaseScoped: true}
	PermWriteAppData         = Permission{PermissionName: ".sgw.appdata!write", DatabaseScoped: true}
	PermWriteReplications    = Permission{PermissionName: ".sgw.replications!write", DatabaseScoped: true}
	PermReadReplications     = Permission{PermissionName: ".sgw.replications!read", DatabaseScoped: true}
	PermDevOps               = Permission{PermissionName: ".sgw.dev_ops!all", DatabaseScoped: false}
	PermStatsExport          = Permission{PermissionName: ".admin.stats_export!read", DatabaseScoped: false}
)