mirror of
https://github.com/harness/drone.git
synced 2025-05-17 13:00:15 +00:00
1115a5083b
This change is adding the concept of Paths. A repository and space always have a Primary Path which always is represents the ancestry to the root space. All access history / resource visibility / child listings / UI traversal / etc. is done via that path. Additionally, repos and spaces can have Alias Paths, which as the name states are aliases. via the primary path. They sole impact is that a space or repo can be reached via different paths from the UI / rest apis / git apis. This fulfills two major purposes: - Customers can rename or move projects and spaces without breaking any existing references from CI pipeliens / code bases / local repos / ... - Customer can create shorter aliases for important repos when in harness embeded mode! (acc/org/proj/repo can be shortened to acc/repo, or acc/repo' Apart from the path changes, this PR adds: Improved User facing errors Improved internal error handling and wrapping update / rename operation for repo and space path list / delete / create operation for repo and space
125 lines
3.3 KiB
Go
125 lines
3.3 KiB
Go
// Copyright 2021 Harness Inc. All rights reserved.
|
|
// Use of this source code is governed by the Polyform Free Trial License
|
|
// that can be found in the LICENSE.md file for this repository.
|
|
|
|
package guard
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
|
|
"github.com/harness/gitness/internal/api/render"
|
|
"github.com/harness/gitness/internal/api/request"
|
|
"github.com/harness/gitness/internal/auth/authz"
|
|
"github.com/harness/gitness/types"
|
|
"github.com/harness/gitness/types/enum"
|
|
"github.com/harness/gitness/types/errs"
|
|
"github.com/pkg/errors"
|
|
"github.com/rs/zerolog/hlog"
|
|
)
|
|
|
|
const (
|
|
actionRequiresAuthentication = "Action requires authentication."
|
|
)
|
|
|
|
type Guard struct {
|
|
authorizer authz.Authorizer
|
|
}
|
|
|
|
func New(authorizer authz.Authorizer) *Guard {
|
|
return &Guard{authorizer: authorizer}
|
|
}
|
|
|
|
/*
|
|
* EnforceAdmin is a middleware that enforces that the user is authenticated and an admin.
|
|
*/
|
|
func (g *Guard) EnforceAdmin(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
ctx := r.Context()
|
|
user, ok := request.UserFrom(ctx)
|
|
if !ok {
|
|
render.Unauthorizedf(w, actionRequiresAuthentication)
|
|
return
|
|
}
|
|
|
|
if !user.Admin {
|
|
render.Forbiddenf(w, "Action requires admin privileges.")
|
|
return
|
|
}
|
|
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|
|
|
|
/*
|
|
* EnforceAuthenticated is a middleware that enforces that the user is authenticated.
|
|
*/
|
|
func (g *Guard) EnforceAuthenticated(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
ctx := r.Context()
|
|
_, ok := request.UserFrom(ctx)
|
|
if !ok {
|
|
render.Unauthorizedf(w, actionRequiresAuthentication)
|
|
return
|
|
}
|
|
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|
|
|
|
/*
|
|
* Enforces that the executing principal has requested permission on the resource.
|
|
* returns true if it's the case, otherwise renders the appropriate error and returns false.
|
|
*/
|
|
func (g *Guard) Enforce(w http.ResponseWriter, r *http.Request, scope *types.Scope, resource *types.Resource, permission enum.Permission) bool {
|
|
|
|
err := g.Check(r, scope, resource, permission)
|
|
|
|
// render error if needed
|
|
if errors.Is(err, errs.NotAuthenticated) {
|
|
render.Unauthorizedf(w, actionRequiresAuthentication)
|
|
} else if errors.Is(err, errs.NotAuthorized) {
|
|
render.Forbiddenf(w, "User not authorized to perform %s on resource %v in scope %v",
|
|
permission,
|
|
resource,
|
|
scope)
|
|
} else if err != nil {
|
|
// log err for debugging
|
|
log := hlog.FromRequest(r)
|
|
log.Err(err).Msg("Encountered unexpected error while enforcing permission.")
|
|
|
|
render.InternalError(w, errs.Internal)
|
|
}
|
|
|
|
return err == nil
|
|
}
|
|
|
|
/*
|
|
* Checks whether the principal executing the request has the requested permission on the resource.
|
|
* Returns nil if the user is confirmed to be permitted to execute the action, otherwise returns errors
|
|
* NotAuthenticated, NotAuthorized, or any unerlaying error.
|
|
*/
|
|
func (g *Guard) Check(r *http.Request, scope *types.Scope, resource *types.Resource, permission enum.Permission) error {
|
|
u, present := request.UserFrom(r.Context())
|
|
if !present {
|
|
return errs.NotAuthenticated
|
|
}
|
|
|
|
// TODO: don't hardcode principal type USER
|
|
authorized, err := g.authorizer.Check(
|
|
enum.PrincipalTypeUser,
|
|
fmt.Sprint(u.ID),
|
|
scope,
|
|
resource,
|
|
permission)
|
|
if err != nil {
|
|
return errors.Wrap(err, "Authorization check failed")
|
|
}
|
|
|
|
if !authorized {
|
|
return errs.NotAuthorized
|
|
}
|
|
|
|
return nil
|
|
}
|