github/drone
5
0
Fork 0
mirror of https://github.com/harness/drone.git synced 2025-05-06 18:20:50 +08:00
Code Issues Packages Projects Releases Wiki Activity
1115a5083b
drone/internal/auth/authz/unsafe.go
Johannes Batzill 1115a5083b Add Paths support and error improvements (#11) 
This change is adding the concept of Paths.
A repository and space always have a Primary Path which always is represents the ancestry to the root space.
All access history / resource visibility / child listings / UI traversal / etc. is done via that path.

Additionally, repos and spaces can have Alias Paths, which as the name states are aliases. via the primary path.
They sole impact is that a space or repo can be reached via different paths from the UI / rest apis / git apis.
This fulfills two major purposes:
- Customers can rename or move projects and spaces without breaking any existing references from CI pipeliens / code bases / local repos / ...
- Customer can create shorter aliases for important repos when in harness embeded mode! (acc/org/proj/repo can be shortened to acc/repo, or acc/repo'

Apart from the path changes, this PR adds:

Improved User facing errors
Improved internal error handling and wrapping
update / rename operation for repo and space
path list / delete / create operation for repo and space
2022-09-08 21:39:15 -07:00

45 lines
1.2 KiB
Go
Raw Blame History

// Copyright 2022 Harness Inc. All rights reserved.
// Use of this source code is governed by the Polyform Free Trial License
// that can be found in the LICENSE.md file for this repository.
package authz
import (
"fmt"
"github.com/harness/gitness/types"
"github.com/harness/gitness/types/enum"
)
var _ Authorizer = (*UnsafeAuthorizer)(nil)
/*
* An unsafe authorizer that gives permits any action and simply logs the permission request.
*/
type UnsafeAuthorizer struct{}
func NewUnsafeAuthorizer() Authorizer {
return &UnsafeAuthorizer{}
}
func (a *UnsafeAuthorizer) Check(principalType enum.PrincipalType, principalId string, scope *types.Scope, resource *types.Resource, permission enum.Permission) (bool, error) {
fmt.Printf(
"[Authz] %s '%s' requests %s for %s '%s' in scope %v\n",
principalType,
principalId,
permission,
resource.Type,
resource.Name,
scope,
)
return true, nil
}
func (a *UnsafeAuthorizer) CheckAll(principalType enum.PrincipalType, principalId string, permissionChecks ...*types.PermissionCheck) (bool, error) {
for _, p := range permissionChecks {
a.Check(principalType, principalId, &p.Scope, &p.Resource, p.Permission)
}
return true, nil
}
Reference in New Issue View Git Blame Copy Permalink